Sat.Apr 10, 2021 - Fri.Apr 16, 2021

article thumbnail

Iranian Nuclear Site Shut Down by Apparent Cyberattack

Data Breach Today

Report: Israeli Government Involved Israeli public media outlet Kan, citing intelligence sources, says an Israeli government cyberattack was responsible for the shutdown of an Iranian nuclear power facility on Sunday in what Iran describes as an act of "sabotage.

article thumbnail

How to Log In to Your Devices Without Passwords

WIRED Threat Level

You can use your face, fingerprint, or a wearable to get access to your gadgets. It saves you some typing—and makes you feel like a spy.

Passwords 104
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Data Governance Maturity and Tracking Progress

erwin

Data governance is best defined as the strategic, ongoing and collaborative processes involved in managing data’s access, availability, usability, quality and security in line with established internal policies and relevant data regulations. erwin recently hosted the third in its six-part webinar series on the practice of data governance and how to proactively deal with its complexities.

article thumbnail

ParkMobile Breach Exposes License Plate Data, Mobile Numbers of 21M Users

Krebs on Security

Someone is selling account information for 21 million customers of ParkMobile , a mobile parking app that’s popular in North America. The stolen data includes customer email addresses, dates of birth, phone numbers, license plate numbers, hashed passwords and mailing addresses. KrebsOnSecurity first heard about the breach from Gemini Advisory , a New York City based threat intelligence firm that keeps a close eye on the cybercrime forums.

Passwords 363
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Cofense and StrikeForce Announce Acquisitions

Data Breach Today

Meanwhile, OneTrust Receives Additional Funding Email security provider Cofense and data security firm StrikeForce Technologies both have announced strategic acquisitions this pas week. Meanwhile, data protection firm OneTrust received additional funding.

Security 361

More Trending

article thumbnail

GUEST ESSAY: ‘Identity Management Day’ highlights the importance of securing digital IDs

The Last Watchdog

The second Tuesday of April has been christened “ Identity Management Day ” by the Identity Defined Security Alliance, a trade group that provides free, vendor-neutral cybersecurity resources to businesses. Related: The role of facial recognition. Today, indeed, is a good a time as any to raise awareness about cyber exposures that can result from casually or improperly managing and securing digital identities.

Security 191
article thumbnail

Microsoft Patch Tuesday, April 2021 Edition

Krebs on Security

Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server — the same systems that have been besieged by attacks on four separate (and zero-day) bugs in the email software over the past month. Redmond also patched a Windows flaw that is actively being exploited in the wild.

article thumbnail

Biden Seeks to Boost CISA's Budget by $110 Million

Data Breach Today

Additional Money Would Address Range of Cybersecurity Issues President Joe Biden is asking Congress to boost CISA's budget by $110 million in 2021 to allow the agency to address a range of cybersecurity issues following several high-profile incidents that have happened in the past six months.

article thumbnail

Protecting or Posturing: What's Acceptable in New Data Privacy Practices

AIIM

Technology and apps that are helping to prevent illness, accidents, and crime also happen to collect a vast amount of personal data. Similarly, some of the video conferencing and collaboration platforms that we knowledge workers are all too familiar with are now using artificial intelligence to recognize participants and their behaviors. Are these new features a boost to efficiency and convenience or simply the latest attempt by providers to push the boundaries between convenience and intrusion?

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Critical RCE can allow attackers to compromise Juniper Networks devices

Security Affairs

Cybersecurity provider Juniper Networks addressed a critical vulnerability that could be exploited by attackers to remotely hijack or disrupt vulnerable devices. Cybersecurity vendor Juniper Networks addressed a critical vulnerability in Junos OS , tracked as CVE-2021-0254, that could allow an attacker to remotely hijack or disrupt affected devices.

article thumbnail

The FBI Is Now Securing Networks Without Their Owners’ Permission

Schneier on Security

In January, we learned about a Chinese espionage campaign that exploited four zero-days in Microsoft Exchange. One of the characteristics of the campaign, in the later days when the Chinese probably realized that the vulnerabilities would soon be fixed, was to install a web shell in compromised networks that would give them subsequent remote access.

Security 145
article thumbnail

Unscripted: 3 Security Leaders Dissect Today's Top Trends

Data Breach Today

Edna Conway, Wendy Nather and Michelle Dennedy on SASE, CIAM and Supply Chain Risk No script, no filter: Just Microsoft’s Edna Conway and Cisco’s Wendy Nather gathering with privacy leader Michelle Dennedy to discuss the impact of the SolarWinds supply chain attack and to play "Buzzword Mystery Date" with SASE, CIAM and "passwordless" authentication - are these trends dreamboats or duds?

article thumbnail

100M More IoT Devices Are Exposed—and They Won't Be the Last

WIRED Threat Level

The Name:Wreck flaws in TCP/IP are the latest in a series of vulnerabilities with global implications.

IoT 145
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Joker malware infected 538,000 Huawei Android devices

Security Affairs

More than 500,000 Huawei users have been infected with the Joker malware after downloading apps from the company’s official Android store. More than 500,000 Huawei users were infected with the Joker malware after they have downloaded tainted apps from the company’s official Android store. The fight to the Joker malware (aka Bread) begun in September 2019 when security experts at Google removed from the official Play Store 24 apps because they were infected with a new spyware tracked as “ the Jok

article thumbnail

Updating your data protection documentation following Brexit

IT Governance

The UK data protection landscape is a lot more complex following Brexit. Many organisations are now subject to both the EU GDPR (General Data Protection Regulation) and the UK GDPR (General Data Protection). The UK version was born out of the EU GDPR, so you might think that there are only cosmetic differences and that minor actions are required to adjust your documentation and compliance practices.

GDPR 144
article thumbnail

Texas Man Charged With Planning to Bomb AWS Data Center

Data Breach Today

DOJ: Suspect Believed He Could Disrupt 70% of Internet Traffic A Texas man is facing a federal charge after he allegedly tried to buy explosives from an undercover FBI agent to bomb an AWS data center in Virginia, according to the Justice Department. The suspect believed the bombing could interrupt 70% of internet traffic, prosecutors say.

352
352
article thumbnail

Oh Look, LinkedIn Also Has a 500M User Data Leak

WIRED Threat Level

Plus: A bad Zoom bug, a billion-dollar cocaine bust, and more of the week's top security news.

Security 144
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

For the second time in a week, a Google Chromium zero-day released online

Security Affairs

For the second time in a week, a Chromium zero-day remote code execution exploit code has been released on Twitter, multiple browsers impacted. A new Chromium zero-day remote code execution exploit has been released on Twitter this week, kile the previous one that affects current versions of Google Chrome, Microsoft Edge, and likely other Chromium-based browsers.

Security 145
article thumbnail

DNI’s Annual Threat Assessment

Schneier on Security

The office of the Director of National Intelligence released its “ Annual Threat Assessment of the U.S. Intelligence Community.” Cybersecurity is covered on pages 20-21. Nothing surprising: Cyber threats from nation states and their surrogates will remain acute. States’ increasing use of cyber operations as a tool of national power, including increasing use by militaries around the world, raises the prospect of more destructive and disruptive cyber activity.

Military 144
article thumbnail

Modern Bank Heists: Attackers Go Beyond Account Takeover

Data Breach Today

Tom Kellermann of VMware Carbon Black on Fraud Trends and Essential Defenses Brokerage account takeover, supply chain attacks, destructive attacks and those that seek to manipulate time or time stamps are among the latest threats uncovered in the new Modern Bank Heists report authored by Tom Kellermann at VMware Carbon Black.

344
344
article thumbnail

EDPB Gives the Green Light to the Commission’s Draft UK Adequacy Decisions

Data Matters

On 13 April 2021, the European Data Protection Board ( EDPB ) adopted two Opinions on the draft UK adequacy decisions: (i) Opinion 14/2021 for transfers of personal data under the EU General Data Protection Regulation ( EU GDPR ); and (ii) Opinion 15/2021 for transfers of personal data under the Law Enforcement Directive ( LED ). Whilst the Opinions have not yet been published, the EDPB has confirmed in a press release that it has identified “ many aspects [of the UK data protection framework] t

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Personal data of 1.3 million Clubhouse users leaked online

Security Affairs

An SQL database containing the personal data of 1.3 million Clubhouse users was leaked online for free, a few days after LinkedIn and Facebook suffered similar leaks. Researchers from Cyber News have discovered that the personal data of 1.3 million Clubhouse users was leaked online days after LinkedIn and Facebook also suffered data leaks. The experts found an ad on a hacker forum offering for free a SQL database containing 1.3 million scraped Clubhouse user records. “Days after scraped da

article thumbnail

More Biden Cybersecurity Nominations

Schneier on Security

News : President Biden announced key cybersecurity leadership nominations Monday, proposing Jen Easterly as the next head of the Cybersecurity and Infrastructure Security Agency and John “Chris” Inglis as the first ever national cyber director (NCD). I know them both, and think they’re both good choices. More news.

article thumbnail

Microsoft Patches 4 Additional Exchange Flaws

Data Breach Today

NSA Calls on Exchange Customers to Update Immediately Microsoft issued patches for its on-premises Exchange Server software, addressing four new critical vulnerabilities discovered by the National Security Agency. A zero-day vulnerability in Desktop Window Manager was also disclosed and patched.

Security 340
article thumbnail

Data Breaches, Class Actions and Ambulance Chasing

Troy Hunt

This post has been brewing for a while, but the catalyst finally came after someone (I'll refer to him as Jimmy) recently emailed me regarding the LOQBOX data breach from 2020. Their message began as follows: I am currently in the process of claiming compensation for a severe data breach which occurred on the 20th February 2020 Now I'll be honest - I had to Google this one.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

This man was planning to kill 70% of Internet in a bomb attack against AWS

Security Affairs

The FBI arrested a man for allegedly planning a bomb attack against Amazon Web Services (AWS) to kill about 70% of the internet. The FBI arrested Seth Aaron Pendley (28), from Texas, for allegedly planning to launch a bomb attack against Amazon Web Services (AWS) data center on Smith Switch Road in Ashburn, Virginia. The man was attempting to buy C-4 plastic explosives from an undercover FBI employee, the explosive would have been used to destroy the data center and kill about 70% of the interne

article thumbnail

Ransomware Attack Creates Cheese Shortages in Netherlands

Threatpost

Not a Gouda situation: An attack on a logistics firm is suspected to be related to Microsoft Exchange server flaw.

article thumbnail

Facebook Tries to 'Scrape' Its Way Through Another Breach

Data Breach Today

Social Network Attempts 'Not Hacking' Spin on Theft of 533 Million Users' Details Facebook has been attempting to dismiss the appearance of a massive trove of user data by claiming it wasn't hacked, but scraped. No matter how the theft is characterized, 533 million users have just learned that their nonpublic profile details were stolen and sold to fraudsters.

IT 338