Sat.Oct 08, 2022 - Fri.Oct 14, 2022

Microsoft Patch Tuesday, October 2022 Edition

Krebs on Security

Microsoft today released updates to fix at least 85 security holes in its Windows operating systems and related software, including a new zero-day vulnerability in all supported versions of Windows that is being actively exploited. However, noticeably absent from this month’s Patch Tuesday are any updates to address a pair of zero-day flaws being exploited this past month in Microsoft Exchange Server.

Security 330

GUEST ESSAY: Privacy risks introduced by the ‘metaverse’ — and how to combat them

The Last Watchdog

As digital technologies become more immersive and tightly integrated with our daily lives, so too do the corresponding intrusive attacks on user privacy. Related: The case for regulating facial recognition. Virtual reality (VR) is well positioned to become a natural continuation of this trend. While VR devices have been around in some form since well before the internet, the true ambition of major corporations to turn these devices into massively-connected social “metaverse” platforms has only r

Privacy 222

79 Million Malicious Domains Flagged in the First Half of 2022

KnowBe4

Security researchers at Akamai identify an average of 13 million newly observed domains (NOD) each month this year, representing about 20% of the NODs resolved in the same timeframe.

Security 119

How to Protect Yourself If Your School Uses Surveillance Tech

WIRED Threat Level

Colleges and K-12 campuses increasingly monitor student emails, social media, and more. Here’s how to secure your (or your child’s) privacy.

Privacy 214

Recovering Passwords by Measuring Residual Heat

Schneier on Security

Researchers have used thermal cameras and ML guessing techniques to recover passwords from measuring the residual heat left by fingers on keyboards. From the abstract: We detail the implementation of ThermoSecure and make a dataset of 1,500 thermal images of keyboards with heat traces resulting from input publicly available. Our first study shows that ThermoSecure successfully attacks 6-symbol, 8-symbol, 12-symbol, and 16-symbol passwords with an average accuracy of 92%, 80%, 71%, and 55% respec

Passwords 136

More Trending

SingTel Confronts Multiple Data Leaks

Data Breach Today

After Optus, Another Australian Subsidiary Reports a Data Breach

Telecom giant SingTel is managing multiple data breaches just weeks after Australian subsidiary Optus reported a breach affecting 9.8 million individuals. One of the new breaches is also in Australia. The other stems from a 2021 zero day vulnerability in file transfer application Accellion FTA.

The $1 Billion Alex Jones Effect

WIRED Threat Level

The Infowars host now knows the cost of “free speech”—but does the landmark judgment signal a crackdown on disinformation?

Security 246

Uber Data Breach Results in Corporate Cooperation and Executive Conviction

Data Matters

On October 5, 2022, a federal jury in the Northern District of California convicted former Uber Chief Security Officer Joseph Sullivan of obstructing a federal proceeding and misprision of a felony for his role in deceiving management and the federal government to cover up a 2016 data breach that exposed personally identifiable information (“PII”) of approximately 57 million users, including approximately 600,000 drivers’ license numbers, of the ride-hailing service.

China-linked Budworm APT returns to target a US entity

Security Affairs

The Budworm espionage group resurfaced targeting a U.S.-based organization for the first time, Symantec Threat Hunter team reported. The Budworm cyber espionage group (aka APT27, Bronze Union, Emissary Panda, Lucky Mouse, TG-3390, and Red Phoenix) is behind a series of attacks conducted over the past six months against a number of high-profile targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S. state legislature.

Not So Fast: Retailer Shein Fined $1.9M for Breach Cover-Up

Data Breach Today

39 Million Shoppers of Shein and Romwe Weren't Notified of Personal Data Exposure

Fast-fashion clothing giant Shein has been fined $1.9 million by the New York state attorney general for multiple failings tied to a massive 2018 data breach, including substandard password security as well as failing to alert users or force password resets in a timely manner.

Retail 270

Binance Hackers Minted $569M in Crypto—Then It Got Complicated

WIRED Threat Level

Plus: The US warns of a mysterious military contractor breach, a "poisoned" version of the Tor Browser is tracking Chinese users, and more.

Military 161

Inserting a Backdoor into a Machine-Learning System

Schneier on Security

Interesting research: “ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks,” by Tim Clifford, Ilia Shumailov, Yiren Zhao, Ross Anderson, and Robert Mullins: Abstract: Early backdoor attacks against machine learning set off an arms race in attack and defence development. Defences have since appeared demonstrating some ability to detect backdoors in models or even remove them.

IT 145

WIP19, a new Chinese APT targets IT Service Providers and Telcos

Security Affairs

A Chinese-speaking threat actor, tracked as WIP19, is targeting telecommunications and IT service providers in the Middle East and Asia. SentinelOne researchers uncovered a new threat cluster, tracked as WIP19, which has been targeting telecommunications and IT service providers in the Middle East and Asia. The experts believe the group operated for cyber espionage purposes and is a Chinese-speaking threat group.

IT 359

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Australian Firm Costa Group Suffers Phishing Attack

Data Breach Today

Phishing Incident Caused Service Disruptions and Delays

Australian fruit and vegetable supplier Costa Group says it was subjected to a malicious and sophisticated phishing attack in August that resulted in unauthorized access to its servers. The company, listed on the Australian Securities Exchange, says that the attack occurred on August 21.

Phishing 264

Google’s Pixel 7 and Pixel 7 Pro Pack New Android VPN and Tensor G2, Titan M2 Chips

WIRED Threat Level

The company says it hardened the security of its new flagship phones—and plans to release a built-in Android VPN.

Security 155

Google to Pay $85 Million to Settle Arizona Geolocation Tracking Privacy Suit

Hunton Privacy

On October 3, 2022, Google LLC (“Google”) agreed to pay the State of Arizona $85 million to settle a consumer privacy lawsuit that alleged the company surreptitiously collected consumers’ geolocation data on smartphones even after users disabled location tracking. Arizona’s lawsuit followed a 2018 Associated Press article that alleged Google continued to track the location of Android devices even after users disabled the Location History setting on the device.

Privacy 145

Pro-Russia group KillNet targets US airports

Security Affairs

The pro-Russia hacktivist group ‘KillNet’ is behind massive DDoS attacks that hit websites of several major airports in the US. The pro-Russia hacktivist group ‘KillNet’ is claiming responsibility for massive distributed denial-of-service (DDoS) attacks against the websites of several major airports in the US. The DDoS attacks have taken the websites offline; users were not able to access them during the offensive.

Access 355

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Not So Fast: Retailer Shein Fined $1.9M for Breach Coverup

Data Breach Today

39 Million Shoppers of Shein and Romwe Weren't Notified of Personal Data Exposure

Fast-fashion clothing giant Shein has been fined $1.9 million by New York state's attorney general for multiple failings tied to a massive 2018 data breach, including substandard password security, as well as failing to alert users or force password resets in a timely manner.

Retail 248

Celsius Exchange Data Dump Is a Gift to Crypto Sleuths—and Thieves

WIRED Threat Level

By releasing half a million users’ transactions in a bankruptcy court filing, the company has opened a vast breach in its users’ financial privacy.

Privacy 153

WhatsApp Users Beware: Dangerous Mobile Trojan Being Distributed via Malicious Mod

Dark Reading

Among other things, users who download the app could end up having their WhatsApp account details stolen.

144

LockBit affiliates compromise Microsoft Exchange servers to deploy ransomware

Security Affairs

Lockbit ransomware affiliates are compromising Microsoft Exchange servers to deploy their ransomware, experts warn. South Korean cybersecurity firm AhnLab reported that Lockbit ransomware affiliates are distributing their malware via compromised Microsoft Exchange servers. In July 2022, two servers operated by a customer of the security firm were infected with LockBit 3.0 ransomware.

Microsoft Fixes 1 Zero-Day, Leaves 2 Exchange Bugs Unpatched

Data Breach Today

October's Patch Tuesday Includes Fixes for 84 Bugs

One zero-day down but two Microsoft Exchange zero-days to go in this month's dose of patches from the Redmond, Washington computing giant. Microsoft fixed a COM+ flaw being exploited in the wild but for now is relying on workarounds for two known email server bugs.

217

Cyber-Zombie Apocalypse: Ransomware Gangs Continue to Come Back from the Dead

KnowBe4

With ransomware gangs making so much money and then dropping off the face of the earth, what’s the motivation to come back to life and potentially risk getting caught?

Microsoft Addresses Zero-Days, but Exchange Server Exploit Chain Remains Unpatched

Dark Reading

The computing giant didn't fix ProxyNotLogon in October's Patch Tuesday, but it disclosed a rare 10-out-of-10 bug and patched two other zero-days, including one being exploited.

IT 139

VMware has yet to fix CVE-2021-22048 flaw in vCenter Server disclosed one year ago

Security Affairs

VMware has yet to address the CVE-2021-22048 privilege escalation vulnerability in vCenter Server disclosed in November 2021. VMware warns customers that it has yet to address a high-severity privilege escalation vulnerability, tracked as CVE-2021-22048, in the vCenter Server. The flaw was disclosed in November 2021; it resides in the vCenter Server’s IWA (Integrated Windows Authentication) mechanism.

Red Sift Acquires Attack Surface Management Vendor Hardenize

Data Breach Today

Hardenize to Help Red Sift Customers Assess Security of Domains and Certificates

A phishing and fraud prevention vendor has bought a startup founded by Qualys' longtime engineering leader to help organizations more effectively discover and monitor assets. Red Sift says its purchase of Hardenize will help customers assess the security of their digital asset inventory.

Phishing 195

New Phishing Campaign Uses Office Docs to Install Cobalt Strike Beacon

KnowBe4

Under the guise of determining applicant eligibility for a U.S. federal government job, this latest phishing attack plants the seed for a future attack on the victim organization.

Phishing 132

Airborne Drones Are Dropping Cyber-Spy Exploits in the Wild

Dark Reading

Drone-based cyberattacks to spy on corporate targets are no longer hypothetical, one incident from this summer shows.

138