Sat.Oct 10, 2020 - Fri.Oct 16, 2020

article thumbnail

Cybercrime: 12 Top Tactics and Trends

Data Breach Today

From Ransomware and DDoS to Malware and SIM Swapping: Europol Describes Latest Threats Ransomware attacks remain the top cyber-enabled threat seen by law enforcement. But phishing, business email compromises and other types of fraud - many now using a COVID-19 theme - also loom large, Europol warns in its latest Internet Organized Crime Threat Assessment.

article thumbnail

Hackers targeted the US Census Bureau network, DHS report warns

Security Affairs

The US DHS’s Homeland Threat Assessment (HTA) report revealed that threat actors have targeted the US Census network during the last year. The US Department of Homeland Security revealed that unknown threat actors have targeted the network of the US Census Bureau during the last year. The attacks were reported in the first Homeland Threat Assessment (HTA) report released earlier this week.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

More BEC Criminal Gangs Are Based in US

Data Breach Today

Agari: US Now Second to Nigeria for Business Email Compromise Fraudsters Business email compromise scams continue to proliferate around the globe, with the U.S. now second only to Nigeria as a home base for the cybercriminal organizations waging the campaigns, according to a study by the security firm Agari.

Security 306
article thumbnail

Breach at Dickey’s BBQ Smokes 3M Cards

Krebs on Security

One of the digital underground’s most popular stores for peddling stolen credit card information began selling a batch of more than three million new card records this week. KrebsOnSecurity has learned the data was stolen in a lengthy data breach at more than 100 Dickey’s Barbeque Restaurant locations around the country. An ad on the popular carding site Joker’s Stash for “BlazingSun,” which fraud experts have traced back to a card breach at Dickey’s BBQ.

Sales 362
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

“Records Management”, “Information Governance”, and Why Words Matter

AIIM

Words are important. Beyond that, the words you choose can mean the difference between someone understanding what you’re saying and someone giving you that glazed expression with one eyebrow lifted saying, “Huh?”. It’s just as important to think of WHO you are communicating to, as it is to think of WHAT you’re trying to say. Allow me to share a quick example to illustrate my point.

More Trending

article thumbnail

Health Data Breaches in 2020: Ransomware Incidents Dominate

Data Breach Today

Blackbaud, Magellan Health Incidents Trigger Numerous Breach Notifications Hacking incidents involving ransomware attacks continue to dominate the 2020 health data breach tally, with incidents affecting two companies - Blackbaud and Magellan Health - accounting for numerous breach notifications by their clients.

article thumbnail

Microsoft Uses Trademark Law to Disrupt Trickbot Botnet

Krebs on Security

Microsoft Corp. has executed a coordinated legal sneak attack in a bid to disrupt the malware-as-a-service botnet Trickbot , a global menace that has infected millions of computers and is used to spread ransomware. A court in Virginia granted Microsoft control over many Internet servers Trickbot uses to plunder infected systems, based on novel claims that the crime machine abused the software giant’s trademarks.

article thumbnail

Google researcher found BleedingTooth flaws in Linux Bluetooth

Security Affairs

Google security researcher discovered Bluetooth vulnerabilities (BleedingTooth) in the Linux kernel that could allow zero-click attacks. Andy Nguyen, a Google security researcher, has found Bluetooth vulnerabilities, referred to as BleedingTooth, in the Linux kernel that could be exploited by attackers to run arbitrary code or access sensitive information.

article thumbnail

REMnux Tools List for Malware Analysis

Lenny Zeltser

REMnux ® offers a curated collection of free tools for reverse-engineering or otherwise analyzing malicious software. How to find the right tool for the job, given how many useful utilities come as part of the distro? To guide you through the process of examining malware, REMnux documentation lists the installed tools by category. Each grouping, which you’ll find in the Discover the Tools section of the documentation site, represents the type of actions the analysts might need to take: Exa

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Morgan Stanley Fined $60 Million for Data Protection Mishaps

Data Breach Today

OCC: Investment Bank Didn't Properly Oversee Decommissioning of Data Center Equipment The Office of the Comptroller of the Currency has fined Morgan Stanley $60 million for the investment bank's failure to properly oversee the decommissioning of several data centers, putting customer data at risk of exposure.

Risk 312
article thumbnail

Microsoft Patch Tuesday, October 2020 Edition

Krebs on Security

It’s Cybersecurity Awareness Month! In keeping with that theme, if you (ab)use Microsoft Windows computers you should be aware the company shipped a bevy of software updates today to fix at least 87 security problems in Windows and programs that run on top of the operating system. That means it’s once again time to backup and patch up. Eleven of the vulnerabilities earned Microsoft’s most-dire “critical” rating, which means bad guys or malware could use them to gain

article thumbnail

The British government aims at improving its offensive cyber capability

Security Affairs

Britain’s most senior cyber general declared that the UK has implemented an advanced offensive cyberwar capability that could destroy its enemies. Gen Sir Patrick Sanders, the UK’s strategic command chief, announced that that the UK has implemented an advanced offensive cyberwar capability that could potentially “degrade, disrupt and destroy” the critical infrastructure of its adversaries.

article thumbnail

Surviving Radical Disruption with Data Intelligence

erwin

It’s certainly no secret that data has been growing in volume, variety and velocity, and most companies are overwhelmed by managing it, let alone harnessing it to put it to work. We’re now generating 2.5 quintillion bytes of data every day, and 90% of the world’s data volume has been created in the past two years alone. With this absolute data explosion, it’s nearly impossible to filter out the time-sensitive data, the information that has immediate relevance and impact o

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Microsoft, Others Dismantle Trickbot Botnet

Data Breach Today

Court Order Enables Takedown of Servers to Disrupt Malware, Protect Election Microsoft collaborated with cybersecurity companies and government agencies to take down the million-device Trickbot botnet in an effort to help protect the Nov. 3 U.S. election and stop the global spread of ransomware and other malware.

article thumbnail

The Man Who Speaks Softly—and Commands a Big Cyber Army

WIRED Threat Level

Meet General Paul Nakasone. He reined in chaos at the NSA and taught the US military how to launch pervasive cyberattacks. And he did it all without you noticing.

Military 145
article thumbnail

APT groups chain VPN and Windows Zerologon bugs to attack US government networks

Security Affairs

US government networks are under attack, threat actors chained VPN and Windows Zerologon flaws to gain unauthorized access to elections support systems. The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) published a joint security alert to warn of attackers combining VPN and Windows Zerologon flaws to target government networks.

article thumbnail

Hacking Apple for Profit

Schneier on Security

Five researchers hacked Apple Computer’s networks — not their products — and found fifty-five vulnerabilities. So far, they have received $289K. One of the worst of all the bugs they found would have allowed criminals to create a worm that would automatically steal all the photos, videos, and documents from someone’s iCloud account and then do the same to the victim’s contacts.

144
144
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Analysis: Will Trickbot Takedown Impact Be Temporary?

Data Breach Today

Experts Weigh in on the Effects of Actions by Microsoft and Others to Disable Botnet Despite the takedown of the Trickbot botnet by Microsoft and others Monday, the malware is still functioning, and its operators retain the tools needed to rebuild their malicious network, some cybsersecurity experts say. So the impact, while significant, could prove to be temporary.

IT 307
article thumbnail

Split-Second ‘Phantom’ Images Can Fool Tesla’s Autopilot

WIRED Threat Level

Researchers found they could stop a Tesla by flashing a few frames of a stop sign for less than half a second on an internet-connected billboard.

Security 144
article thumbnail

Tyler Technologies finally paid the ransom to receive the decryption key

Security Affairs

Tyler Technologies has finally decided to paid a ransom to obtain a decryption key and recover files encrypted in a recent ransomware attack. Tyler Technologies, Inc. is the largest provider of software to the United States public sector. At the end of September, the company disclosed a ransomware attack and its customers reported finding suspicious logins and previously unseen remote access tools on their networks.

article thumbnail

Customised Ubiquiti Clients and Randomised MAC Addresses on Apple Devices

Troy Hunt

You know how some people are what you'd call "house proud" in that they like everything very neat and organised? You walk in there and everything is in its place, nice and clean without clutter. I'm what you'd call "network proud" and the same principle applies to how I manage my IP things: That's just a slice of my Ubiquiti network map which presently has 91 IP addresses on it between clients and network devices.

Privacy 142
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

US Warns: Hackers Chaining Zerologon, Other Vulnerabilities

Data Breach Today

CISA Says APTs Gained Access to State and Local Election Support Systems CISA is warning that sophisticated hacking groups are chaining vulnerabilities together, such as the recent Zerologon bug along with other flaws, to target state and local government networks. In some cases, attackers gained access to election support systems.

article thumbnail

Google Responds to Warrants for “About” Searches

Schneier on Security

One of the things we learned from the Snowden documents is that the NSA conducts “about” searches. That is, searches based on activities and not identifiers. A normal search would be on a name, or IP address, or phone number. An about search would something like “show me anyone that has used this particular name in a communications,” or “show me anyone who was at this particular location within this time frame.” These searches are legal when conducted for the

Privacy 141
article thumbnail

Egregor ransomware gang leaked data alleged stolen from Ubisoft, Crytek

Security Affairs

The Egregor ransomware gang has hit the game developer Crytek and leaked files allegedly stolen from the systems of the gaming firm Ubisoft. A previously unknown ransomware gang dubbed Egregor has hit the game developer Crytek and leaked files allegedly stolen from the internal network of another leading gaming firm, Ubisoft. Breaking: new #Sekhmet #Ransomware (spin-off?

article thumbnail

Internet Freedom Has Taken a Hit During the Covid-19 Pandemic

WIRED Threat Level

From arrests to surveillance, governments are using the novel coronavirus as cover for a crackdown on digital liberty.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Singapore Launches IoT Cybersecurity Labelling

Data Breach Today

Labels Will Indicate What Security Standards Products Meet Singapore has launched an IoT cybersecurity labelling program intended to improve the baseline security of internet-connected consumer products. The program is voluntary, but Singapore eventually intends to make it mandatory.

IoT 299
article thumbnail

An Uncommon 20 Years of Commonly Enumerating Vulns

Dark Reading

Larry Cashdollar, a researcher with more than 300 CVEs to his credit, looks back at his favorite vulnerabilities (and being the only individual CNA on Mitre's list).

131
131
article thumbnail

Leading Law firm Seyfarth Shaw discloses ransomware attack

Security Affairs

Seyfarth Shaw, one of the leading global legal firms announced that it was a victim of an “aggressive malware” attack, likely a ransomware attack. Seyfarth Shaw LLP is an international AmLaw 100 law firm headquartered in Chicago, Illinois, its clients include over 300 of the Fortune 500 companies, and its practice reflects virtually every industry and segment of the economy.