Schneier on Security
JANUARY 17, 2023
No details , though: According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts “unofficial propaganda and photographs related to ISIS” multiple times on May 14, 2019. In virtue of being a dark web site—that is, one hosted on the Tor anonymity network—it should have been difficult for the site owner’s or a third party to determine the real IP address of any of the site’s visitors.
Krebs on Security
JANUARY 19, 2023
T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts. Image: customink.com In a filing today with the U.S.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Data Breach Today
JANUARY 16, 2023
And They’ll Continue to Do So Until Authorities Better Disrupt Them - But How? Pity the overworked ransomware gang - say, LockBit - that just "discovered" one of its affiliates hit Britain's postal service. But until Western governments find a way to truly disrupt the ransomware business model, operators remain free to keep spouting half-truths and lies at victims' expense.
The Last Watchdog
JANUARY 16, 2023
My name is Eden Zaraf. I’ve been driven by my passion for technology for as long as I can remember. Somewhere around the age of 13, I learned to code. I developed scripts, websites and got involved in security which led me to penetration testing. Related: Leveraging employees as detectors. Penetration Testing is a never-ending challenge. Five years ago, my friend Sahar Avitan began developing an automatic penetration testing tool for our own use.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Last Watchdog
JANUARY 17, 2023
To get network protection where it needs to be, legacy cybersecurity vendors have begun reconstituting traditional security toolsets. The overarching goal is to try to derive a superset of very dynamic, much more tightly integrated security platforms that we’ll very much need, going forward. Related: The rise of security platforms. This development has gained quite a bit of steam over the past couple of years with established vendors of vulnerability management (VM,) endpoint detection and respo
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Data Breach Today
JANUARY 19, 2023
Unauthorized Party Obtained Access to Company API for Approximately 6 Weeks T-Mobile disclosed Thursday that hackers had access for approximately 6 weeks to an application programming interface that exposed customer data including names, dates of birth and email addresses. No payment information or passwords were part of the breach, the company said.
eSecurity Planet
JANUARY 20, 2023
CyberArk researchers are warning that OpenAI’s popular new AI tool ChatGPT can be used to create polymorphic malware. “[ChatGPT]’s impressive features offer fast and intuitive code examples, which are incredibly beneficial for anyone in the software business,” CyberArk researchers Eran Shimony and Omer Tsarfati wrote this week in a blog post that was itself apparently written by AI. “However, we find that its ability to write sophisticated malware that holds no mali
Troy Hunt
JANUARY 19, 2023
It's fascinating to see how creative people can get with breached data. Of course there's all the nasty stuff (phishing, identity theft, spam), but there are also some amazingly positive uses for data illegally taken from someone else's system. When I first built Have I Been Pwned (HIBP), my mantra was to "do good things after bad things happen" And arguably, it has, largely by enabling individuals and organisations to learn of their own personal exposure in breaches.
Dark Reading
JANUARY 19, 2023
The credential-stuffing attack, likely fueled by password reuse, yielded personal identifiable information that can be used to verify the authenticity of previously stolen data.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Data Breach Today
JANUARY 16, 2023
Norway's DNV Shuts Down IT Servers, Investigates Attack A maker of software used to manage shipping vessel operations says it has shut down its servers after detecting a ransomware attack. Norwegian classification society DNV, maker of ShipManager software, says onboard software functionally continues to operate.
eSecurity Planet
JANUARY 19, 2023
Despite challenges faced by Meta and others, there remains optimism for the metaverse. The PwC 2022 U.S. Business and Consumer Metaverse Survey highlights this. The survey, which included over 5,000 consumers and 1,000 U.S. business leaders, shows that half of consumers consider the metaverse to be exciting, and 66% of executives say their companies are actively engaged with it.
Hunton Privacy
JANUARY 20, 2023
On January 20, 2023, The Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth published “Digital Assets and Privacy,” a discussion paper compiling insights from workshops with CIPL member companies that explored the intersection of privacy and digital assets, with a particular focus on blockchain technology. The paper includes recommendations for developing coherent, tech-friendly, future-focused, and pragmatic regulations and policies.
KnowBe4
JANUARY 20, 2023
An unusual phishing technique has surfaced this week. Avanan, a Check Point Software company, released a blog Thursday morning detailing a new attack in which hackers hide malicious content inside a blank image within an HTML attachment in phishing emails claiming to be from DocuSign.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Data Breach Today
JANUARY 18, 2023
Massive Profit Potential and Robust Initial Access Market Keep Fueling Ecosystem Ransomware syndicates continue to earn massive profits for criminals while disrupting victims' operations worldwide. Security researchers tracking known victims say their numbers remain unchanged from 2021 to 2022, as attackers tap abundant cybercrime services to help amass fresh victims.
Schneier on Security
JANUARY 20, 2023
From an article about Zheng Xiaoqing, an American convicted of spying for China: According to a Department of Justice (DOJ) indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself.
Dark Reading
JANUARY 19, 2023
The "BoldMove" backdoor demonstrates a high level of knowledge of FortiOS, according to Mandiant researchers, who said the attacker appears to be based out of China.
Hanzo Learning Center
JANUARY 17, 2023
It’s that time of year again when people are pulling out their crystal balls and doing their best to predict the future of what we’ll see in the ediscovery industry in 2023. I mean who doesn’t want to know what to look out for down the road? So in that spirit, here are some things Hanzo has been paying attention to as we move into a new year.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Data Breach Today
JANUARY 20, 2023
Since Hydra Market Got Shuttered by Police, Russian Rivals Battle for Market Share Competition between rival Russian-language darknet markets remains fierce since police shuttered Hydra last year. The latest to fall dark is Solaris, which controlled an estimated 25% of the darknet drug trade. It got hacked by newcomer rival Kraken. But that wasn't Solaris' only problem.
Hunton Privacy
JANUARY 18, 2023
On January 16, 2023, the Directive on measures for a high common level of cybersecurity across the Union (the “NIS2 Directive”) and the Directive on the resilience of critical entities (“CER Directive”) entered into force. The NIS2 Directive repeals the current NIS Directive and creates a more extensive and harmonized set of rules on cybersecurity for organizations carrying out their activities within the European Union.
Dark Reading
JANUARY 17, 2023
Security professionals must update their skill sets and be proactive to stay ahead of cybercriminals. It's time to learn to think and act like an attacker to cope with the cyber "new normal.
WIRED Threat Level
JANUARY 20, 2023
Research shows that relatively few people exist in perfectly sealed-off media bubbles—but they’re still having an outsize impact on US politics.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Data Breach Today
JANUARY 16, 2023
Thomas Shares How the IntSights Acquisition Made Threat Intelligence Actionable The IntSights deal has allowed Rapid7 to offer more visibility into the threat landscape and target the phishing infrastructure used by hackers. The deal has helped Rapid7 determine the spoofed domains and the employees and social media accounts that adversaries have targeted, CEO Corey Thomas says.
IT Governance
JANUARY 16, 2023
Physical security in the workplace is a dying artform. With our growing reliance on technology and the rise in remote working, we are leaning more on cyber security and neglecting the protection of tangible assets. Although many workers still go into the office on a full- or part-time basis, our workforces are for the most part diffuse. Instead of individual desks in a single space, the office is now spread across the country and linked by home offices, Cloud services, videoconferencing software
Dark Reading
JANUARY 17, 2023
The latest critical bug is exploitable in dozens of ManageEngine products and exposes systems to catastrophic risks, researchers warn.
Schneier on Security
JANUARY 14, 2023
This is a current list of where and when I am scheduled to speak: I’m speaking at Capricon , a four-day science fiction convention in Chicago. My talk is on “The Coming AI Hackers” and will be held Friday, February 3 at 1:00 PM. The list is maintained on this page.
Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL
Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.
Data Breach Today
JANUARY 15, 2023
Meta Says Firm Used Fake Accounts to Gather Information on 600K Facebook Users Meta says it is taking legal action against scraping-for-hire service provider Voyager Labs for allegedly using fake accounts to copy data accessible about users when logged into Facebook, Instagram and other websites. The social media firms says it closed 60,000 fake accounts.
IT Governance
JANUARY 19, 2023
NortonLifeLock customers have been warned that their accounts may have been compromised in a security breach. The company, which specialises in antivirus software and identity theft protection, said that 925,000 people were targeted in a credential-stuffing attack. Customers’ full names, phone numbers and mailing addresses are thought to have been exposed in the incident.
Dark Reading
JANUARY 18, 2023
Threat actors are diversifying across all aspects to attack critical infrastructure, muddying the threat landscape, and forcing industrial organizations to rethink their security.
Expert insights. Personalized for you.
140 
Let's personalize your content