Schneier on Security
JANUARY 17, 2023
No details , though: According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts “unofficial propaganda and photographs related to ISIS” multiple times on May 14, 2019. In virtue of being a dark web site—that is, one hosted on the Tor anonymity network—it should have been difficult for the site owner’s or a third party to determine the real IP address of any of the site’s visitors.
Krebs on Security
JANUARY 19, 2023
T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts. Image: customink.com In a filing today with the U.S.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Data Breach Today
JANUARY 16, 2023
And They’ll Continue to Do So Until Authorities Better Disrupt Them - But How? Pity the overworked ransomware gang - say, LockBit - that just "discovered" one of its affiliates hit Britain's postal service. But until Western governments find a way to truly disrupt the ransomware business model, operators remain free to keep spouting half-truths and lies at victims' expense.
The Last Watchdog
JANUARY 16, 2023
My name is Eden Zaraf. I’ve been driven by my passion for technology for as long as I can remember. Somewhere around the age of 13, I learned to code. I developed scripts, websites and got involved in security which led me to penetration testing. Related: Leveraging employees as detectors. Penetration Testing is a never-ending challenge. Five years ago, my friend Sahar Avitan began developing an automatic penetration testing tool for our own use.
Advertiser: ZoomInfo
AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.
The Last Watchdog
JANUARY 17, 2023
To get network protection where it needs to be, legacy cybersecurity vendors have begun reconstituting traditional security toolsets. The overarching goal is to try to derive a superset of very dynamic, much more tightly integrated security platforms that we’ll very much need, going forward. Related: The rise of security platforms. This development has gained quite a bit of steam over the past couple of years with established vendors of vulnerability management (VM,) endpoint detection and respo
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
WIRED Threat Level
JANUARY 20, 2023
Research shows that relatively few people exist in perfectly sealed-off media bubbles—but they’re still having an outsize impact on US politics.
Data Breach Today
JANUARY 18, 2023
Massive Profit Potential and Robust Initial Access Market Keep Fueling Ecosystem Ransomware syndicates continue to earn massive profits for criminals while disrupting victims' operations worldwide. Security researchers tracking known victims say their numbers remain unchanged from 2021 to 2022, as attackers tap abundant cybercrime services to help amass fresh victims.
Security Affairs
JANUARY 20, 2023
An alleged Chinese threat actor was observed exploiting the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN. Researchers from Mandiant reported that suspected Chinese threat actors exploited the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN as a zero-day. According to the security firm, the vulnerability was exploited in attacks against a series of targets, including a European government entity and a managed service provider located in Africa.
eSecurity Planet
JANUARY 20, 2023
CyberArk researchers are warning that OpenAI’s popular new AI tool ChatGPT can be used to create polymorphic malware. “[ChatGPT]’s impressive features offer fast and intuitive code examples, which are incredibly beneficial for anyone in the software business,” CyberArk researchers Eran Shimony and Omer Tsarfati wrote this week in a blog post that was itself apparently written by AI. “However, we find that its ability to write sophisticated malware that holds no mali
Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage
When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m
WIRED Threat Level
JANUARY 18, 2023
Animal rights activists have captured the first hidden-camera video from inside a carbon dioxide “stunning chamber” in a US meatpacking plant.
Data Breach Today
JANUARY 19, 2023
Unauthorized Party Obtained Access to Company API for Approximately 6 Weeks T-Mobile disclosed Thursday that hackers had access for approximately 6 weeks to an application programming interface that exposed customer data including names, dates of birth and email addresses. No payment information or passwords were part of the breach, the company said.
Security Affairs
JANUARY 20, 2023
PayPal is sending out data breach notifications to thousands of users because their accounts were compromised through credential stuffing attacks. PayPal announced that 34942 customers’ accounts have been compromised between December 6 and December 8. The company added that the unauthorized accessed were the result of credential stuffing attacks and that its systems were not breached.
eSecurity Planet
JANUARY 19, 2023
Despite challenges faced by Meta and others, there remains optimism for the metaverse. The PwC 2022 U.S. Business and Consumer Metaverse Survey highlights this. The survey, which included over 5,000 consumers and 1,000 U.S. business leaders, shows that half of consumers consider the metaverse to be exciting, and 66% of executives say their companies are actively engaged with it.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
WIRED Threat Level
JANUARY 16, 2023
Cupertino puts privacy first in a lot of its products. But the company still gathers a bunch of your information.
Data Breach Today
JANUARY 16, 2023
Norway's DNV Shuts Down IT Servers, Investigates Attack A maker of software used to manage shipping vessel operations says it has shut down its servers after detecting a ransomware attack. Norwegian classification society DNV, maker of ShipManager software, says onboard software functionally continues to operate.
Security Affairs
JANUARY 19, 2023
A high-severity flaw (CVE-2023-20010) was found in Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition. Cisco fixed a high-severity SQL injection flaw, tracked as CVE-2023-20010 (CVSS score of 8.1), in Unified Communications Manager and Unified Communications Manager Session Management Edition. Unified Communications Manager solutions provide reliable, secure, scalable, and manageable call control and session management.
Dark Reading
JANUARY 18, 2023
The powerful AI bot can produce malware without malicious code, making it tough to mitigate.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
WIRED Threat Level
JANUARY 19, 2023
Some 1,700 spoofed apps, 120 targeted publishers, 12 billion false ad requests per day—Vastflux is one of the biggest ad frauds ever discovered.
Data Breach Today
JANUARY 20, 2023
Since Hydra Market Got Shuttered by Police, Russian Rivals Battle for Market Share Competition between rival Russian-language darknet markets remains fierce since police shuttered Hydra last year. The latest to fall dark is Solaris, which controlled an estimated 25% of the darknet drug trade. It got hacked by newcomer rival Kraken. But that wasn't Solaris' only problem.
Security Affairs
JANUARY 19, 2023
Researchers found a new critical remote code execution (RCE) flaw impacting multiple services related to Microsoft Azure. Researchers from Ermetic found a remote code execution flaw, dubbed EmojiDeploy, that impacts Microsoft Azure services and other cloud services including Function Apps, App Service and Logic Apps. The issue is achieved through CSRF (Cross-site request forgery) on the ubiquitous SCM service Kudu.
Troy Hunt
JANUARY 19, 2023
It's fascinating to see how creative people can get with breached data. Of course there's all the nasty stuff (phishing, identity theft, spam), but there are also some amazingly positive uses for data illegally taken from someone else's system. When I first built Have I Been Pwned (HIBP), my mantra was to "do good things after bad things happen" And arguably, it has, largely by enabling individuals and organisations to learn of their own personal exposure in breaches.
Advertiser: ZoomInfo
ZoomInfo customers aren’t just selling — they’re winning. Revenue teams using our Go-To-Market Intelligence platform grew pipeline by 32%, increased deal sizes by 40%, and booked 55% more meetings. Download this report to see what 11,000+ customers say about our Go-To-Market Intelligence platform and how it impacts their bottom line. The data speaks for itself!
WIRED Threat Level
JANUARY 20, 2023
The mobile operator just suffered at least its fifth data breach since 2018, despite promising to spend a fortune shoring up its systems.
Data Breach Today
JANUARY 16, 2023
Thomas Shares How the IntSights Acquisition Made Threat Intelligence Actionable The IntSights deal has allowed Rapid7 to offer more visibility into the threat landscape and target the phishing infrastructure used by hackers. The deal has helped Rapid7 determine the spoofed domains and the employees and social media accounts that adversaries have targeted, CEO Corey Thomas says.
Security Affairs
JANUARY 19, 2023
US CISA added the vulnerability CVE-2022-44877 in CentOS Control Web Panel utility to its Known Exploited Vulnerabilities Catalog. The US CISA added the Centos Web Panel 7 unauthenticated remote code execution flaw ( CVE-2022-44877 ) to its Known Exploited Vulnerabilities Catalog. The flaw impacts the software before 0.9.8.1147, it was addressed with the release of 0.9.8.1147 version on October 25, 2022.
Schneier on Security
JANUARY 20, 2023
From an article about Zheng Xiaoqing, an American convicted of spying for China: According to a Department of Justice (DOJ) indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
WIRED Threat Level
JANUARY 20, 2023
New research from Cloudflare shows that connectivity disruptions are becoming a problem around the globe, pointing toward a troubling new normal.
Data Breach Today
JANUARY 15, 2023
Meta Says Firm Used Fake Accounts to Gather Information on 600K Facebook Users Meta says it is taking legal action against scraping-for-hire service provider Voyager Labs for allegedly using fake accounts to copy data accessible about users when logged into Facebook, Instagram and other websites. The social media firms says it closed 60,000 fake accounts.
Security Affairs
JANUARY 19, 2023
Researchers released Proof-of-concept exploit code for remote code execution flaw CVE-2022-47966 impacting multiple Zoho ManageEngine products. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The issue also impacts products that had the feature enabled in the past.
Expert insights. Personalized for you.
145 
Let's personalize your content