Data Breach Today
SEPTEMBER 7, 2022
Hacked Accounts May Have Made District an Easy Ransomware Target The Labor Day weekend ransomware attack against Los Angeles Unified School District is drawing serious attention from the U.S. government, which has dispatched the FBI. The attack vector is unknown, but nearly two dozen compromised district accounts appeared on the Dark Web in the months leading up to the attack.
The Last Watchdog
SEPTEMBER 7, 2022
Finally, Uncle Sam is compelling companies to take cybersecurity seriously. Related: How the Middle East paved the way to CMMC. Cybersecurity Maturity Model Certification version 2.0 could take effect as early as May 2023 mandating detailed audits of the cybersecurity practices of any company that hopes to do business with the Department of Defense.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Dark Reading
SEPTEMBER 8, 2022
From analyzing your company's risk profile to knowing where keys are stored and who can access them, prioritize key clean-up and management. Make compliance an outcome and develop a risk management strategy.
Data Breach Today
SEPTEMBER 8, 2022
PSG Funding Will Enable Bitwarden to Get into Passwordless and Developer Secrets Bitwarden has raised $100 million to expand into new product areas including developer secrets, passwordless and privileged access management. The investment will help the firm debut new features for individual and business users and expand its footprint in Japan, Germany, France and South America.
Advertiser: ZoomInfo
AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.
The Last Watchdog
SEPTEMBER 6, 2022
Network security has been radically altered, two-plus years into the global pandemic. Related: ‘ Attack surface management’ rises to the fore. The new normal CISOs face today is something of a nightmare. They must take into account a widely scattered workforce and somehow comprehensively mitigate new and evolving cyber threats. Criminal hacking collectives are thriving, more than ever.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Krebs on Security
SEPTEMBER 9, 2022
Communities like Craigslist , OfferUp , Facebook Marketplace and others are great for finding low- or no-cost stuff that one can pick up directly from a nearby seller, and for getting rid of useful things that don’t deserve to end up in a landfill. But when dealing with strangers from the Internet, there is always a risk that the person you’ve agreed to meet has other intentions.
Data Breach Today
SEPTEMBER 9, 2022
Also: Vice Society Ransomware Gang Claims Credit for Attack The only surprising aspect of the ransomware attack against Los Angeles Unified School District is that it didn’t happen sooner. The district was warned of cybersecurity weaknesses in the 20 months leading to its ransomware attack. The Vice Society gang has claimed credit.
WIRED Threat Level
SEPTEMBER 3, 2022
Plus: An unsecured database exposed face recognition data in China, ‘Cuba’ ransomware knocks out Montenegro, and more.
Security Affairs
SEPTEMBER 3, 2022
Electronics giant Samsung has confirmed a new data breach after some of its US systems were compromised in July. After the attack that hit the company in late July 2022, Samsung disclosed a data breach. The Electronics giant discovered on August 4 that threat actors have had access to its systems and exfiltrated customer personal information. The threat actors had access to Samsung customers’ names, contacts, dates of birth, product registration data, and demographic information.
Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage
When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m
Krebs on Security
SEPTEMBER 4, 2022
A 21-year-old New Jersey man has been arrested and charged with stalking in connection with a federal investigation into groups of cybercriminals who are settling scores by hiring people to carry out physical attacks on their rivals. Prosecutors say the defendant recently participated in several of these schemes — including firing a handgun into a Pennsylvania home and torching a residence in another part of the state with a Molotov Cocktail.
Data Breach Today
SEPTEMBER 5, 2022
EvilProxy Bypasses MFA By Capturing Session Cookies One of the biggest challenges for cybercriminals is how to defeat multifactor authentication. New research has uncovered a criminal service called “EvilProxy” that steals session cookies to bypass MFA and compromise accounts.
WIRED Threat Level
SEPTEMBER 7, 2022
With iOS 16 and macOS Ventura, Apple is introducing passkeys—a more convenient and secure alternative to passwords.
Security Affairs
SEPTEMBER 9, 2022
Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned. On September 6, 2022, the Wordfence Threat Intelligence team was informed of a vulnerability being actively exploited in the BackupBuddy WordPress plugin. This plugin allows users to back up an entire WordPress installation, including theme files, pages, posts, widgets, users, and media files.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Data Matters
SEPTEMBER 6, 2022
Privacy never sleeps in California. In recent days and as California’s legislative session comes to a close, there have been a number of significant legislative and regulatory developments in the state, each of which will likely (again) change the privacy landscape in California and, by extension, the rest of the country. For businesses operating in California or whose websites, products or services reach California residents, these changes mean new compliance obligations, some of which could
Data Breach Today
SEPTEMBER 7, 2022
APT42 Operates on Behalf of the Islamic Revolutionary Guard Corps An Iranian state-sponsored group in operation since 2015 relies on highly targeted social engineering to try and attack individuals and organizations that Tehran deems enemies of the regime, says a new report from cyberthreat intelligence firm Mandiant.
WIRED Threat Level
SEPTEMBER 6, 2022
US lawmakers keep warning about the popular app. But until they can explain what makes it uniquely dangerous, it’s difficult to tailor a resolution.
Security Affairs
SEPTEMBER 8, 2022
Cisco fixed new security flaws affecting its products, including a recently disclosed high-severity issue in NVIDIA Data Plane Development Kit. The most severe issues fixed by Cisco are an unauthenticated Access to Messaging Services Vulnerability affecting Cisco SD-WAN vManage software and a vulnerability in NVIDIA Data Plane Development Kit. The two issues have been tracked as CVE-2022-20696 (CVSS score: 7.5) and CVE-2022-28199 (CVSS score: 8.6) respectively.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Troy Hunt
SEPTEMBER 8, 2022
The first time I ever wrote publicly about a company's security vulnerabilities, my boss came to have a word with me after seeing my name in the news headlines. One of the worst days I've ever had was right in the middle of the Have I Been Pwned sale process, and it left me an absolute emotional wreck. When I wrote about how I deal with online abuse, it was off the back of some pretty nasty stuff. which I've now included in this book 😊 These are the stories behind the stor
Data Breach Today
SEPTEMBER 9, 2022
Major Drama in the Online Underworld Who's been disrupting ransomware operations' data leak sites by targeting them with distributed denial-of-service attacks? No one has yet claimed credit for the ongoing disruptions and slowdowns, but one likely theory is that rival operations are attempting to cause each other pain.
WIRED Threat Level
SEPTEMBER 8, 2022
Samizdat Online syndicates banned news sites by hosting them on uncensored domains—allowing people to access independent reporting.
Security Affairs
SEPTEMBER 9, 2022
Iran-linked APT group DEV-0270 (aka Nemesis Kitten) is abusing the BitLocker Windows feature to encrypt victims’ devices. Microsoft Security Threat Intelligence researchers reported that Iran-linked APT group DEV-0270 ( Nemesis Kitten ) has been abusing the BitLocker Windows feature to encrypt victims’ devices. The researchers tracked multiple ransomware attacks conducted by the DEV-0270 group, which is a unit of the Iranian actor PHOSPHORUS.
Advertiser: ZoomInfo
ZoomInfo customers aren’t just selling — they’re winning. Revenue teams using our Go-To-Market Intelligence platform grew pipeline by 32%, increased deal sizes by 40%, and booked 55% more meetings. Download this report to see what 11,000+ customers say about our Go-To-Market Intelligence platform and how it impacts their bottom line. The data speaks for itself!
eSecurity Planet
SEPTEMBER 3, 2022
Distributed denial-of-service (DDoS) attacks cause problems for organizations of all sizes. To fight DDoS attacks, organizations and teams need to implement the three standard phases for any IT threat: preparation, reaction, and recovery. However, to plan the phases properly, organizations need to first understand the nature of DDoS attacks and why attackers use them.
Data Breach Today
SEPTEMBER 6, 2022
K-12 Schools Increasingly Are Ransomware Targets California's largest public school district and the second-largest in the U.S. is undergoing a ransomware attack. The attack has disrupted the district's email system but fundamental school system functions - including instruction and transportation, food and after-school programs - are unaffected.
KnowBe4
SEPTEMBER 8, 2022
Researchers at Resecurity have discovered a new Phishing-as-a-Service (PhaaS) platform called “EvilProxy” that’s being offered on the dark web. EvilProxy is designed to target accounts on a variety of platforms, including Apple, Facebook, GoDaddy, GitHub, Google, Dropbox, Instagram, Microsoft, Twitter, Yahoo, Yandex.
Security Affairs
SEPTEMBER 9, 2022
US authorities recovered more than $30 million worth of cryptocurrency stolen by the North Korea-linked Lazarus APT from Axie Infinity. A joint operation conducted by enforcement and leading organizations in the cryptocurrency industry allowed to recover more than $30 million worth of cryptocurrency stolen by North Korean-linked APT group Lazarus from online video game Axie Infinity.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
eSecurity Planet
SEPTEMBER 9, 2022
Nearly a quarter of healthcare organizations hit by ransomware attacks experienced an increase in patient mortality, according to a study from Ponemon Institute and Proofpoint released today. The report , “Cyber Insecurity in Healthcare: The Cost and Impact on Patient Safety and Care,” surveyed 641 healthcare IT and security practitioners and found that the most common consequences of cyberattacks are delayed procedures and tests, resulting in poor patient outcomes for 57% of the healthcare prov
Data Breach Today
SEPTEMBER 9, 2022
In this episode of "Cybersecurity Unplugged," Mark Cristiano of Rockwell Automation discusses Rockwell's cybersecurity journey, the particular challenges of deploying cybersecurity in an OT environment, and the minimum and proper industrial protections that organizations need to have in place.
KnowBe4
SEPTEMBER 7, 2022
Anyone who has run security awareness programs for a while knows that changing human behaviour is not an easy task. And that sometimes the problem with awareness is that "awareness" alone does not automatically result in secure behavior.
Expert insights. Personalized for you.
262 
Let's personalize your content