Data Breach Today
AUGUST 30, 2023
Blame Police Crackdowns on Big Names, Hacker Thrift, Ransomware Grifters in Trouble What's behind the a profusion of reported attacks involving stolen or reused strains of ransomware? Blame a variety of factors, including law enforcement crackdowns, evolving ransomware business models and at least one case of a ransomware group leader with poor morale building skills.
Krebs on Security
SEPTEMBER 1, 2023
Domain names ending in “ US ” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because.US is overseen by the U.S. government, which is frequently the target of phishing domains ending in.US. Also,US domains are only supposed to be available to U.S. citizens and to those who can demonstrate that they have a physical presence in the United States.US is the “country code top-level doma
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
AUGUST 30, 2023
Interesting story of an Apple Macintosh app that went rogue. Basically, it was a good app until one particular update…when it went bad. With more official macOS features added in 2021 that enabled the “Night Shift” dark mode, the NightOwl app was left forlorn and forgotten on many older Macs. Few of those supposed tens of thousands of users likely noticed when the app they ran in the background of their older Macs was bought by another company, nor when earlier this year that c
The Last Watchdog
AUGUST 29, 2023
The threat of bad actors hacking into airplane systems mid-flight has become a major concern for airlines and operators worldwide. Related: Pushing the fly-by-wire envelope This is especially true because systems are more interconnected and use more complex commercial software than ever before, meaning a vulnerability in one system could lead to a malicious actor gaining access to more important systems.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Data Breach Today
SEPTEMBER 1, 2023
Bill 'Poses a serious threat' to end-to-end encryption, Apple Says U.S. tech companies are stepping up warnings to British lawmakers over a government proposal they say will fatally weaken security and privacy protections for users. The House of Lords is set to return the bill to the House of Commons after a third reading scheduled to begin Wednesday.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Security Affairs
AUGUST 31, 2023
The National Safety Council leaked thousands of emails and passwords of their members, including companies such as NASA and Tesla. The National Safety Council has leaked nearly 10,000 emails and passwords of their members, exposing 2000 companies, including governmental organizations and big corporations. The National Safety Council (NSC) is a non-profit organization in the United States providing workplace and driving safety training.
The Last Watchdog
AUGUST 28, 2023
API security has arisen as a cornerstone of securing massively interconnected cloud applications. At Black Hat USA 2023 , I had a great discussion about API security with Data Theorem COO Doug Dooley and Applovin CISO Jeremiah Kung. For a full drill down, please give the accompanying podcast a listen. As a fast-rising mobile ad network going toe-to-toe with Google and Facebook, Applovin has been acquiring advanced security tools and shaping new practices to manage its API exposures.
Data Breach Today
AUGUST 31, 2023
George Kurtz Says Clients Spot 'Point Products Masquerading as Platform Stories' CrowdStrike CEO George Kurtz said point product companies "are quickly going the way of legacy antivirus" as rivals SentinelOne and BlackBerry reportedly hunt for buyers. The endpoint security market is quickly consolidating from being "littered with dozens of companies" to just several vendors.
WIRED Threat Level
AUGUST 31, 2023
Child safety group Heat Initiative plans to launch a campaign pressing Apple on child sexual abuse material scanning and user reporting. The company issued a rare, detailed response on Thursday.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
AUGUST 28, 2023
Japan’s JPCERT warns of a new recently detected ‘MalDoc in PDF’ attack that embeds malicious Word files into PDFs. Japan’s computer emergency response team (JPCERT) has recently observed a new attack technique, called ‘MalDoc in PDF’, that bypasses detection by embedding a malicious Word file into a PDF file. The researchers explained that a file created with MalDoc in PDF has magic numbers and file structure of PDF, but can be opened in Word.
The Last Watchdog
AUGUST 30, 2023
For a couple of decades now, the web browser has endured in workplace settings as the primary employee-to-Internet interface. It’s really just assumed to be a given that a browser built for consumers is an acceptable application for employees to use to work. And despite advances, like sandboxing, browser isolation and secure gateways, the core architecture of web browsers has remained all-too vulnerable to malicious attacks.
Data Breach Today
AUGUST 30, 2023
US Funds for Regional SOC, Use of Trusted 5G Providers Follows Big 2022 Cyberattack Costa Rica will build a national cybersecurity operations center with substantial U.S. backing following a crippling cyberattack last year while also committing to using only trusted 5G providers. The State Department extended $25 million to build a virtual security operations center.
WIRED Threat Level
AUGUST 30, 2023
A WIRED investigation into a cache of documents posted by an unknown figure lays bare the Trickbot ransomware gang’s secrets, including the identity of a central member.
Advertisement
Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?
Security Affairs
AUGUST 31, 2023
Researchers demonstrated how attackers can abuse the Windows Container Isolation Framework to bypass endpoint security solutions. Researcher Daniel Avinoam at the recent DEF CON hacking conference demonstrated how attackers can abuse the Windows Container Isolation Framework to bypass endpoint security solutions. The expert explained that Windows OS separates the file system from each container to the host and avoids duplication of system files.
Dark Reading
SEPTEMBER 1, 2023
The sophisticated attacks, tracked as DB#JAMMER, run shell commands to impair defenses and deploy tools to establish persistence on the host.
Data Breach Today
AUGUST 30, 2023
'Spamouflage' Controlled Thousands of Facebook Pages But Struggled for Engagement Facebook parent Meta unearthed a Chinese propaganda campaign active across dozens of social media sites in what the company calls the largest known cross-platform influence operation in the world. "Spamouflage" operates across more than 50 platforms and forums.
WIRED Threat Level
AUGUST 31, 2023
Plus: Mozilla patches more than a dozen vulnerabilities in Firefox, and enterprise companies Ivanti, Cisco, and SAP roll out a slew of updates to get rid of some high-severity bugs.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
AUGUST 31, 2023
Fashion retailer Forever 21 disclosed a data breach that exposed the personal information of more than 500,000 individuals. On March 20, 2023, the fashion retailer Forever 21 has discovered a cyber incident that impacted a limited number of systems. The company immediately launched an investigation into the incident with the help of leading cybersecurity firms.
Troy Hunt
AUGUST 30, 2023
Last week I was contacted by CERT Poland. They'd observed a phishing campaign that had collected 68k credentials from unsuspecting victims and asked if HIBP may be used to help alert these individuals to their exposure. The campaign began with a typical email requesting more information: In this case, the email contained a fake purchase order attachment which requested login credentials that were then posted back to infrastructure controlled by the attacker: All in all, CERT Poland identifi
Data Breach Today
AUGUST 31, 2023
Tomer Weingarten Nixes Wiz Reselling Agreement After Not Seeing 'Any Contribution' SentinelOne CEO Tomer Weingarten hit back at endpoint security rivals CrowdStrike and Microsoft as well as rumored M&A suitor Wiz for publicly fanning acquisition flames. The endpoint security firm called Wiz acquisition rumors "a headscratcher," "far from fact" and "pure speculation on their part.
Schneier on Security
AUGUST 31, 2023
A used government surveillance van is for sale in Chicago: So how was this van turned into a mobile spying center? Well, let’s start with how it has more LCD monitors than a Counterstrike LAN party. They can be used to monitor any of six different video inputs including a videoscope camera. A videoscope and a borescope are very similar as they’re both cameras on the ends of optical fibers, so the same tech you’d use to inspect cylinder walls is also useful for surveillance.
Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage
When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.
Security Affairs
AUGUST 31, 2023
Experts warn of ongoing credential stuffing and brute-force attacks targeting Cisco ASA (Adaptive Security Appliance) SSL VPNs. Cisco is aware of attacks conducted by Akira ransomware threat actors targeting Cisco ASA VPNs that are not configured for multi-factor authentication. “Cisco is aware of reports that Akira ransomware threat actors have been targeting Cisco VPNs that are not configured for multi-factor authentication to infiltrate organizations, and we have observed instances wher
WIRED Threat Level
AUGUST 29, 2023
The competitions, which are held on Russian-language cybercrime forums, offer prize money of up to $80,000 for the winners.
Data Breach Today
AUGUST 31, 2023
UK Risks Falling Behind EU and US in AI Governance, Parliamentary Committee Warns British lawmakers are calling on the government to speed up efforts to articulate a comprehensive artificial intelligence policy in the face of challenges ranging from bias to existential risk. Delay could erode the Britain's position "as a center of AI research," the lawmakers said.
KnowBe4
AUGUST 30, 2023
No surprise: phishing attacks are on the rise, and a new technique is becoming increasingly popular: open redirect flaws. These flaws allow attackers to redirect victims to malicious websites, even if the link in the phishing email appears to be legitimate.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Security Affairs
AUGUST 31, 2023
Multinational mass media conglomerate Paramount Global suffered a data breach after an unauthorized party accessed files from certain of its systems. Multinational mass media conglomerate Paramount Global disclosed a data breach. According to the data breach notification letter sent to the impacted individuals, an unauthorized party accessed files from certain systems of the company between May and June 2023.
Troy Hunt
AUGUST 29, 2023
Today, the US Justice Department announced a multinational operation involving actions in the United States, France, Germany, the Netherlands, and the United Kingdom to disrupt the botnet and malware known as Qakbot and take down its infrastructure. Beyond just taking down the backbone of the operation, the FBI began actively intercepting traffic from the botnet and instructing infected machines the uninstall the malware: To disrupt the botnet, the FBI was able to redirect Qakbot botnet traffic
Data Breach Today
AUGUST 30, 2023
M&A Will Help SailPoint Guard Privileged, Non-Privileged Identities on One Platform SailPoint has agreed to buy U.K.-based privileged access management vendor Osirium for $8.3 million to better protect privileged and non-privileged identities on a single platform. The deal will allow Osirium to benefit from SailPoint's increased scale and enhanced sector and regional capabilities.
Expert insights. Personalized for you.
338 
Let's personalize your content