Sat. Nov 05, 2022 - Fri. Nov 11, 2022

Who is Extorting Australian Health Insurer Medibank?

Data Breach Today

A Ransomware Group Has Given Medibank 24 Hours to Pay. But Medibank Says it Won't.

Who is attempting to extort Australian health insurer Medibank, why did Medibank tell its attackers it wouldn't pay a ransom and will this deter future cyber extortionists? Here are a few thoughts on the high cybercrime drama playing out.

How to Close Kubernetes' Network Security Gap

Dark Reading

StackRox bridges network security and other gaps and makes applying and managing network isolation and access controls easier while extending Kubernetes' automation and scalability benefit.

Elon Musk's Twitter Blue Verification Is a Scammer's Paradise

WIRED Threat Level

Anyone can get a blue tick on Twitter without proving who they are. And it’s already causing a ton of problems.

[New Product] Users Making Security Mistakes? Coach Them in Real-Time with SecurityCoach

KnowBe4

We are thrilled to announce a brand-new product designed to help you develop a strong security culture. SecurityCoach enables real-time security coaching of your users in response to their risky security behavior.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

An Untrustworthy TLS Certificate in Browsers

Schneier on Security

The major browsers natively trust a whole bunch of certificate authorities, and some of them are really sketchy: Google’s Chrome, Apple’s Safari, nonprofit Firefox and others allow the company, TrustCor Systems, to act as what’s known as a root certificate authority, a powerful spot in the internet’s infrastructure that guarantees websites are not fake, guiding users to them seamlessly.

More Trending

Patch Tuesday, November 2022 Election Edition

Krebs on Security

Let’s face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we’ve patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems.

SHARED INTEL: The non-stop advance and diversification of ransomware extortion tactics

The Last Watchdog

Cybercriminals are becoming more creative as cybersecurity analysts adapt quickly to new ransomware strategies. Related: How training can mitigate targeted attacks. Ransomware has evolved from classic attacks to more innovative approaches to navigate reinforced security infrastructure. Here’s how hackers are crafting new ransomware extortion tactics to keep analysts on their toes: Data exfiltration is no more.

REMnux: The Linux Toolkit for Reverse Engineering and Malware Analysis

eSecurity Planet

REMnux is a free community distribution that ethical hackers, security researchers, and many other security pros can leverage to build their own labs and speed up malware analysis. Whether you’re new to these specialties or an experienced investigator, REMnux contains many helpful Debian packages and configurations to perform advanced tasks, such as: extracting IoCs (Indicators of Compromise); disassembling/decompiling binaries or Windows executables (such as PE files); decoding, deobfuscating, de

Feds Warn of Iranian Threats to Healthcare Sector

Data Breach Today

Tehran Hackers Use Social Engineering to Close Sophistication Gap

The healthcare industry should be aware of Iranian hackers using social engineering techniques, says the U.S. federal government. Hackers sponsored by Tehran layer on the social media deception, warns the Department of Health and Human Services' Health Sector Cybersecurity Coordinating Center.

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

A cyberattack blocked the trains in Denmark

Security Affairs

At the end of October, a cyber attack caused the trains to stop in Denmark; the attack hit a third-party IT service provider. A cyber attack caused the trains operated by DSB to stop in Denmark last weekend; threat actors hit a third-party IT service provider. The attack hit the Danish company Supeo, which provides enterprise asset management solutions to railway companies, transportation infrastructure operators and public passenger authorities.

Indonesia Ratifies Country’s First Comprehensive Legal Framework for Personal Data Protection

Hunton Privacy

SHIFT Counsellors at Law reports from Indonesia that The People’s Representative Council of the Republic of Indonesia has ratified Indonesia’s draft law on personal data protection. The draft law came into effect on October 17, 2022. The law, which is partly modeled on the EU General Data Protection Regulation, is Indonesia’s first “umbrella regulation” on personal data protection.

Defeating Phishing-Resistant Multifactor Authentication

Schneier on Security

CISA is now pushing phishing-resistant multifactor authentication. Roger Grimes has an excellent post reminding everyone that “phishing-resistant” is not “phishing proof,” and that everyone needs to stop pretending otherwise. His list of different attacks is particularly useful.

Australia Faces Consequences of Standing Up to Ransomware

Data Breach Today

Also: Ransomware Gang Leaks Negotiation Chat With Technical Detail About Attack

The stark consequences of ransomware became painfully clear in Australia this week as attackers began releasing data from health insurer Medibank. Also, leaked chat logs reveal how the attackers accessed Medibank's systems.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

LockBit 3.0 gang claims to have stolen data from Kearney & Company

Security Affairs

The ransomware group LockBit claimed to have stolen data from consulting and IT services provider Kearney & Company. Kearney is the premier CPA firm that provides services across the financial management spectrum to government entities. The company provides audit, consulting and IT services to the United States government. It has helped the Federal Government improve its financial operations’ overall effectiveness and efficiency.

MSSPs Fare Well in First MITRE Evaluations

eSecurity Planet

If MITRE Engenuity’s new MSSP evaluations are any indication, managed security service providers are a little like children from Lake Wobegon: They’re all above average. Of the 15 MSSPs that participated in MITRE’s first-ever security services testing, only three failed to report attack techniques in all 10 of the evaluation steps, and in two of those cases it was because the test didn’t successfully execute because of a web shell failure.

Catches of the Month: Phishing Scams for November 2022

IT Governance

Welcome to our November 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over personal data. This month, we look at an unintended cyber security problem arising from Twitter’s plan to charge people for verification status. Elsewhere, we assess data breaches at a cancer research facility and the US retailer Bed Bath & Beyond.

Australia Blames Russian Hackers for Medibank Hack

Data Breach Today

Australian PM Says Russia Should 'Be Held Accountable' for Data Leaks

The Australian government says hackers from Russia are behind the attack on Medibank, the country's largest private health insurer. Prime Minister Anthony Albanese said not just hackers but "the nation where these attacks are coming from should also be held accountable."

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

A bug in ABB Totalflow flow computers exposed oil and gas companies to attack

Security Affairs

A flaw in the ABB Totalflow system used in oil and gas organizations could be exploited by an attacker to inject and execute arbitrary code. Researchers from industrial security firm Claroty disclosed details of a vulnerability affecting ABB Totalflow flow computers and remote controllers. Flow computers are used to calculate volume and flow rates for oil and gas that are critical to electric power manufacturing and distribution.

Threat Group Continuously Updates Malware to Evade Antivirus Software

eSecurity Planet

Kaspersky researchers recently found evidence of an advanced threat group continuously updating its malware to evade security products, similar to a release cycle for developers. Kaspersky revealed that APT10, also known as the Cicada hacking group, has successfully deployed the LODEINFO malware in government, media, public sector, and diplomatic organizations in Japan.

The Have I Been Pwned API Now Has Different Rate Limits and Annual Billing

Troy Hunt

A couple of weeks ago I wrote about some big changes afoot for Have I Been Pwned (HIBP), namely the introduction of annual billing and new rate limits. Today, it's finally here! These are two of the most eagerly awaited, most requested features on HIBP's UserVoice so it's great to see them finally knocked off after years of waiting. In implementing all this, there are changes to the existing "one size fits all" model so if you're using the HIBP API, please make sure y

Basics Will Block Most Ransomware Hits, Says UK Cyber Chief

Data Breach Today

Ransomware Remains Biggest Online Threat, Warns NCSC CEO Lindy Cameron

Cybersecurity basics are still an overlooked ransomware defense, Lindy Cameron, CEO of the National Cyber Security Center, told the CyberScotland Summit in Scotland. "We still think that 90% of incidents in the U.K. could have been prevented if people had followed the basics," she said.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Researchers warn of malicious packages on PyPI using steganography

Security Affairs

Experts discovered a malicious package on the Python Package Index (PyPI) that uses steganography to hide malware within image files. CheckPoint researchers discovered a malicious package, named ‘apicolor’, on the Python Package Index (PyPI) that uses steganography to hide malware within image files. The malicious package infects PyPI users through open-source projects on GitHub.

Uyghurs Targeted With Spyware, Courtesy of PRC

Dark Reading

Chinese government employs spyware to detect so-called "pre-crimes" including using a VPN, religious apps, or WhatsApp, new analysis reveals.

Azov ‘Ransomware’ Wipes Data, Blames Security Researchers

eSecurity Planet

Check Point security researchers recently described the Azov ransomware as an “effective, fast, and unfortunately unrecoverable data wiper,” noting that the malware seems far more focused on destroying data than on any effort to demand a ransom. As Check Point’s Jiří Vinopal put it, “Be careful about this one… If you get infected -> System is basically dead.” BleepingComputer’s Lawrence Abrams noted that the malware’s ransom note falsely claims it

Feds Announce Silk Road Cryptocurrency Haul

Data Breach Today

A Real Estate Developer Stole 50,000 Bitcoins from the Dark Web Emporium a Decade Ago

Federal agents seized more than 50,000 in Bitcoin stolen from Silk Road a decade ago by a man who until recently owned a Tennessee real estate development firm. James Zhong, 32, pled guilty Friday to one count of wire fraud while prosecutors seek to formally claim the cryptocurrency.

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Surveillance vendor exploited Samsung phone zero-days

Security Affairs

Google Project Zero researchers reported that a surveillance vendor is using three Samsung phone zero-day exploits. Google Project Zero disclosed three Samsung phone vulnerabilities, tracked as CVE-2021-25337, CVE-2021-25369 and CVE-2021-25370, that have been exploited by a surveillance company. The three issues are: CVE-2021-25337: Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local

Using Wi-Fi to See through Walls

Schneier on Security

This technique measures device response time to determine distance: The scientists tested the exploit by modifying an off-the-shelf drone to create a flying scanning device, the Wi-Peep. The robotic aircraft sends several messages to each device as it flies around, establishing the positions of devices in each room. A thief using the drone could find vulnerable areas in a home or office by checking for the absence of security cameras and other signs that a room is monitored or occupied.

GitHub Adds New Security Features for Open Source Community

eSecurity Planet

GitHub has announced new features that could improve both developers’ experience and supply chain security. The “private vulnerability” reports announced at GitHub Universe 2022 will allow open-source maintainers to receive private issues from the community. Maintainers will be able to receive reports and collaborate with security professionals and all other issuers to patch vulnerabilities.
