Sat.Jul 02, 2022 - Fri.Jul 08, 2022

article thumbnail

US Government Picks Quantum-Resistant Encryption Algorithms

Data Breach Today

Quantum Computers That Use Atom-Level States of Uncertainty Are a Matter of Time The National Institute of Standards and Technology today announced a first group of encryption algorithms designed to withstand the assault of a future quantum computer. Selection of the four algorithms comes after six years of evaluation by the U.S. federal agency.

article thumbnail

GUEST ESSAY: Rising cyber risks make business intelligence gathering more vital than ever

The Last Watchdog

Gathering intelligence has always been a key tool for organisational decision making – understanding the external operating environment is the ‘101’ for business. How can you grasp the challenges and opportunities for your company without a deep understanding of all the contributing factors that make the company tick? Related: We’re in the golden age of cyber espionage.

Risk 279
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Worst Hacks and Breaches of 2022 So Far

WIRED Threat Level

From cryptocurrency thefts to intrusions into telecom giants, state-backed attackers have had a field day in the year’s first half.

Privacy 120
article thumbnail

Passkeys

Imperial Violet

The presentations are out now ( Google I/O , WWDC ): we're making a push to take WebAuthn to the masses. WebAuthn has been working reasonably well for enterprises and technically adept users. But we were not going to see broad adoption while the model was that you had to purchase a pair of security keys, be sure to register the backup on every site, yet also keep it in a fire safe.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

British Army's Twitter and YouTube Accounts Hijacked

Data Breach Today

Army Apologizes for Temporary Interruption; Full Investigation Underway The Twitter and YouTube accounts of the British Army were briefly taken over on Sunday evening by unidentified hacker(s) who posted content related to cryptocurrency and NFTs. The situation has now been resolved, but the U.K. Ministry of Defense says investigation is ongoing.

330
330

More Trending

article thumbnail

Best Disaster Recovery Solutions for 2022

eSecurity Planet

Disaster recovery (DR) and business continuity have been an essential aspect of enterprise IT for decades. Whether it’s earthquakes, floods, or power outages, DR is there to ensure operations can continue. But more recently, a lot more has been put on the DR plate. Ransomware has now emerged as one of the key reasons to have a DR plan and DR technology in place.

article thumbnail

FTC Provides Update on Security and Privacy Rulemaking Process

Hunton Privacy

On June 22, 2022, the Federal Trade Commission submitted an updated abstract to the Office of Information and Regulatory Affairs indicating that it is considering initiating a rulemaking under Section 18 of the FTC Act to curb lax security practices, limit privacy abuses, and ensure that algorithmic decision-making does not result in unlawful discrimination.

Privacy 133
article thumbnail

SHI Malware Attack Knocks Website, Email Offline for Days

Data Breach Today

SHI Took Its Public Websites and Email Offline to Assess the System Integrity A "coordinated and professional malware attack" against SHI left the company without email or public websites for days while the hack was investigated. SHI took its public websites and email offline after being hit during the July Fourth holiday weekend to assess the integrity of those systems.

IT 319
article thumbnail

North Korea-linked APTs use Maui Ransomware to target the Healthcare industry

Security Affairs

US authorities have issued a joint advisory warning of North Korea-linked APTs using Maui ransomware in attacks against the Healthcare sector. The FBI, CISA, and the U.S. Treasury Department issued a joint advisory that warn of North-Korea-linked threat actors using Maui ransomware in attacks aimed at organizations in the Healthcare sector. “The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury) are

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

New Quantum-safe Cryptography Standards Arrive None Too Soon

eSecurity Planet

A six-year quantum cryptography competition just ended, producing four new security standards selected by the U.S. Department of Commerce’s National Institute of Standards and Technology. The announcement comes on the heels of a few major strides in quantum computing accessibility and speed—and may hopefully stave off the growing quantum security threat.

article thumbnail

New WhatsApp Scam Uses Call Forwarding Social Engineering to Hijack Accounts

KnowBe4

This is a great example of how even the simplest of social engineering tactics can be used as the first step in a likely-larger scam.

131
131
article thumbnail

Unknown Hacker Steals Data of a Billion Chinese Citizens

Data Breach Today

Data Has Been Put on Sale for 10 Bitcoin, Equivalent to About $200,000 A misconfigured Alibaba private cloud server has led to the leak of around one billion Chinese nationals' personal details. An unknown hacker, identified as "ChinaDan", posted an advertisement on a hacker forum selling 23 terabytes of data for 10 bitcoin, equivalent to about $200,000.

Sales 278
article thumbnail

Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free

Security Affairs

Emsisoft has released a free decryption tool that allows victims of the AstraLocker and Yashma ransomware to recover their files without paying a ransom. Cybersecurity firm Emsisoft released a free decryptor tool that allows victims of the AstraLocker and Yashma ransomware to recover their files without paying a ransom. The security firm states that the AstraLocker decryptor works for ransomware versions based on the Babuk malware that appends the.Astra or.babyk extensions to the name of the enc

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Hack Allows Drone Takeover Via ‘ExpressLRS’ Protocol

Threatpost

A radio control system for drones is vulnerable to remote takeover, thanks to a weakness in the mechanism that binds transmitter and receiver.

126
126
article thumbnail

Cybersecurity Has a Talent Shortage & Non-Technical People Offer a Way Out

Dark Reading

It's time to tap the large reservoir of talent with analytical skills to help tackle cybersecurity problems. Train workers in cybersecurity details while using their ability to solve problems.

article thumbnail

Russian Hackers Target Private Ukrainian Energy Firm

Data Breach Today

DTEK Group Alleges Russian Hackers/Military Behind Hybrid Attacks Ukrainian private energy firm DTEK group alleges that the Russian federation has carried out a cyberattack against its facilities, crippling its infrastructure in retaliation for its owners' support of the country in its war against Russian invaders.

Military 278
article thumbnail

Cyberattacks against law enforcement are on the rise

Security Affairs

Experts observed an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022. Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 500 companies worldwide, has registered an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022. Threat actors are hacking email and other accounts which belong to police officers and their internal systems.

Risk 142
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Ubiquitous Surveillance by ICE

Schneier on Security

Report by Georgetown’s Center on Privacy and Technology published a comprehensive report on the surprising amount of mass surveillance conducted by Immigration and Customs Enforcement (ICE). Our two-year investigation, including hundreds of Freedom of Information Act requests and a comprehensive review of ICE’s contracting and procurement records, reveals that ICE now operates as a domestic surveillance agency.

Privacy 125
article thumbnail

Cloud Misconfig Exposes 3TB of Sensitive Airport Data in Amazon S3 Bucket: 'Lives at Stake'

Dark Reading

The unsecured server exposed more than 1.5 million files, including airport worker ID photos and other PII, highlighting the ongoing cloud-security challenges worldwide.

Cloud 123
article thumbnail

ISMG Editors: What's the Status of the SBOM?

Data Breach Today

Also: Highlights From ISMG's Upcoming Healthcare Summit Four ISMG editors discuss important cybersecurity issues, including the hot topics at ISMG roundtable discussions - such as challenges around software supply chain security, highlights from ISMG's upcoming Healthcare Summit, and how some cybersecurity vendors are creating their own venture funds.

article thumbnail

New Hive ransomware variant is written in Rust and use improved encryption method

Security Affairs

Hive ransomware operators have improved their file-encrypting module by migrating to Rust language and adopting a more sophisticated encryption method. The operators of the Hive ransomware upgraded their malware by migrating the malware to the Rust language and implementing a more sophisticated encryption method, Microsoft researchers warn. “The upgrades in the latest variant are effectively an overhaul: the most notable changes include a full code migration to another programming language

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

[Scam of the Week] Amazon Prime Day or Amazon Crime Day? Don’t Fall Victim to Phishing

KnowBe4

As Amazon Prime Day approaches, Checkpoint research is sending a warning that Amazon Prime Day scams will ramp up very soon.

Phishing 122
article thumbnail

Buggy 'Log in With Google' API Implementation Opens Crypto Wallets to Account Takeover

Dark Reading

Improper implementations of authentication APIs at a global crypto wallet service provider could have resulted in the loss of account control — and millions of dollars — from personal and business accounts.

article thumbnail

Evilnum Hacking Group Updates TTPs Targeting Fintech

Data Breach Today

Group Now Uses MS Office Word Documents to Deliver Payload The Evilnum hacking group has updated its tactics, techniques and procedures, now uses MS Office Word documents and leverages document template injection to deliver malicious payloads to its victims' machines. First seen in 2018, the group mainly targets fintech firms in the U.K. and Europe.

IT 254
article thumbnail

Large-scale cryptomining campaign is targeting the NPM JavaScript package repository

Security Affairs

Researchers uncovered a large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. Checkmarx researchers spotted a new large-scale cryptocurrency mining campaign, tracked as CuteBoi , that is targeting the NPM JavaScript package repository. Threat actors behind the campaign published 1,283 malicious modules in the repository and used over 1,000 different user accounts.

Mining 141
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

CyberheistNews Vol 12 #27 [New FBI and CISA Alert] This Ransomware Strain Uses RDP Flaws to Hack Into Your Network

KnowBe4

article thumbnail

What Is a Firewall and Do you Need One?

Adam Levin

A firewall is a network security device or program designed to prevent unauthorized and malicious internet traffic from entering a private network or device. It is a digital safety barrier between public and private internet connections, allowing non-threatening traffic in and keeping malicious traffic out, which in theory includes malware and hackers.

Security 119
article thumbnail

Swimlane Raises $70M to Grow Security Automation Outside US

Data Breach Today

Swimlane Wants to Expand in Europe and Asia as well as Outside the Fortune 2000 Swimlane has raised $70 million to expand its clientele beyond the Fortune 2000 and acquire more customers in Europe and Asia-Pacific. The company plans to hire more personnel focused on sales, marketing and partnerships to make the company's low-code security automation platform accessible.

Security 246