Sat.Nov 27, 2021 - Fri.Dec 03, 2021

article thumbnail

Who Is the Network Access Broker ‘Babam’?

Krebs on Security

Rarely do cybercriminal gangs that deploy ransomware gain the initial access to the target themselves. More commonly, that access is purchased from a cybercriminal broker who specializes in acquiring remote access credentials — such as usernames and passwords needed to remotely connect to the target’s network. In this post we’ll look at the clues left behind by “ Babam ,” the handle chosen by a cybercriminal who has sold such access to ransomware groups on many occa

Access 320
article thumbnail

GUEST ESSAY: Ransomware pivot 2021: attackers now grab, threaten to leak sensitive data

The Last Watchdog

Ransomware attacks have reached a record high this year, with nearly 250 attacks recorded to date and months to go. As we’ve seen with major attacks like Kaseya and Colonial Pipeline, cybercriminals have continued to innovate, developing new tools and tactics to encrypt and exfiltrate data. Related: Kaseya breach worsens supply chain worries. Where previously ransomware gangs relied solely on the attack’s disruption to daily business to be enough for the victim to pay the ransom, today’s stakes

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

CISA adds Zoho, Apache, Qualcomm, Mikrotik flaws to the list of actively exploited issues

Security Affairs

U.S. CISA urges to address vulnerabilities Qualcomm, Mikrotik, Zoho and the Apache Software Foundation software. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its catalog of actively exploited vulnerabilities recommending federal agencies to address the flaws in Qualcomm, Mikrotik, Zoho and the Apache Software Foundation software within specific timeframes and deadlines.

article thumbnail

7 Key Takeaways from the IRMS Conference 2021

Preservica

It's been a busy few weeks in the world of Preservica with the Launch of Starter in the UK, announcements on training with IRMS and ARA as well as the huge news of a further £5mil investment from Gresham House Ventures to accelerate our digital preservation solutions… but this all paled in comparison to attending my first face to face conference in over two years!

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach”

Krebs on Security

In January 2021, technology vendor Ubiquiti Inc. [NYSE:UI] disclosed that a breach at a third party cloud provider had exposed customer account credentials. In March, a Ubiquiti employee warned that the company had drastically understated the scope of the incident, and that the third-party cloud provider claim was a fabrication. On Wednesday, a former Ubiquiti developer was arrested and charged with stealing data and trying to extort his employer while pretending to be a whistleblower.

Cloud 328

More Trending

article thumbnail

New EwDoor Botnet is targeting AT&T customers

Security Affairs

360 Netlab experts spotted a new botnet dubbed EwDoor that infects unpatched AT&T enterprise network edge devices. Experts from Qihoo 360’s Network Security Research Lab discovered a new botnet, dubbed EwDoor , that targets AT&T customers using EdgeMarc Enterprise Session Border Controller (ESBC) edge devices that are publicly exposed to the Internet.

article thumbnail

List of data breaches and cyber attacks in November 2021 – 223.6 million records breached

IT Governance

In November, we discovered 81 publicly disclosed cyber security incidents, accounting for 223,615,390 breached records. With one month left in 2021, the annual total running total of compromised records is to just shy of 5 billion. Keep an eye out for our end-of-year report in the next few weeks, where we’ll break down the findings of these lists – or subscribe to our Weekly Round-up to get the latest news sent straight to your inbox.

article thumbnail

AT&T Looks to Shut Down Botnet that Attacked 5,700 Network Appliances

eSecurity Planet

AT&T is working to stop a botnet that has infected at least 5,700 network edge servers inside its networks and appears designed to steal sensitive information and launch distributed denial-of-service (DDoS) attacks. Researchers at Netlab, the network security unit of Chinese tech giant Qihoo 360, wrote in a report this week that the rapidly updated botnet was attacking voice-over-IP (VoIP) servers from Edgewater Networks that are housed within AT&T’s network and are designed to route tra

IoT 145
article thumbnail

GUEST ESSAY: The shock waves of mental illness have begun exacerbating cybersecurity exposures

The Last Watchdog

Mental health at work is undergoing a rapid transformation. Even before the COVID-19 pandemic, which has caused an increase in feelings of loneliness and isolation, workers’ mental health was under pressure. Related: Capital One hacker demonstrated ‘erratic behavior’ According to a recent workforce health survey, 40% of workers experienced mental health issues this past year , double the year before.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

FBI training document shows lawful access to multiple encrypted messaging apps

Security Affairs

Which are the most secure encrypted messaging apps? An FBI document shows what data can be obtained from them. The Record shared an FBI training document that reveals the surveillance capabilities of the US law enforcement detailing which data can be extracted from encrypted messaging apps. The document analyzes lawful access to multiple encrypted messaging apps, including iMessage, Line, Signal, Telegram, Threema, Viber, WhatsApp, WeChat, or Wickr.

article thumbnail

Mainframe Modernization has gone Mainstream: Modernizing Mainframe Workloads with AWS and Micro Focus

Micro Focus

Micro Focus’ innovation in the modernization space continues to gather pace. Eddie Houghton, Enterprise Product Director explains the latest developments in mainframe workload modernization with AWS and Micro Focus. The Rich Micro Focus Heritage in Mainframe Modernization Most large enterprises and public institutions run business-critical applications on mainframe environments that execute vast numbers of transactions.

139
139
article thumbnail

Smart Contract Bug Results in $31 Million Loss

Schneier on Security

A hacker stole $31 million from the blockchain company MonoX Finance , by exploiting a bug in software the service uses to draft smart contracts. Specifically, the hack used the same token as both the tokenIn and tokenOut, which are methods for exchanging the value of one token for another. MonoX updates prices after each swap by calculating new prices for both tokens.

article thumbnail

Best Privileged Access Management (PAM) Software for 2022

eSecurity Planet

Privileged accounts are among an organization’s biggest cybersecurity concerns. These accounts give admins control over data, applications, infrastructure and other critical assets that average system users don’t have permission to access or change. If a hacker gains access to a privileged account, he or she could inflict significant damage, so any unauthorized access to a privileged account is about as dangerous as a cyberattack can get.

Access 137
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

RATDispenser, a new stealthy JavaScript loader used to distribute RATs

Security Affairs

RATDispenser is a new stealthy JavaScript loader that is being used to spread multiple remote access trojans (RATs) into the wild. Researchers from the HP Threat Research team have discovered a new stealthy JavaScript loader dubbed RATDispenser that is being used to spread a variety of remote access trojans (RATs) in attacks into the wild. Experts pointed out that the use of JavaScript is uncommon as malware file format and for this reason it is more poorly detected.

article thumbnail

Phishing Remains the Most Common Cause of Data Breaches, Survey Says

Dark Reading

Despite heightened concerns over ransomware, fewer organizations in a Dark Reading survey reported being an actual victim of a ransomware attack over the past year.

article thumbnail

What is Modern Authentication and Its Role in Achieving Zero Trust Security?

Thales Cloud Protection & Licensing

What is Modern Authentication and Its Role in Achieving Zero Trust Security? madhav. Thu, 12/02/2021 - 08:36. The evolving business and technology landscape and the need for secure, yet convenient, ways of logging into applications are driving the quest for more effective authentication. The changing landscape. As we are slowly getting into a post pandemic world, the greatest lesson learnt from this turbulent period is that businesses need to have the ability to adapt to changing forces.

article thumbnail

China’s Data Privacy Law Poses Challenge for International Companies

eSecurity Planet

Businesses that have spent the past three-plus years adapting to the European Union’s far-reaching data privacy law now have to decide how they will respond to a similar law in China that has been criticized as being more vague in its wording and harsher in its penalties. China’s Personal Information and Privacy Law (PIPL), enacted early last month, is designed to give more than 1.4 billion people greater control over the data collected by private companies and what those companies can do with t

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

IKEA hit by a cyber attack that uses stolen internal reply-chain emails

Security Affairs

Threat actors are targeting IKEA employees in an internal phishing campaign leveraging stolen reply-chain emails. According to BleepingComputer, threat actors are targeting IKEA employees in phishing attacks using stolen reply-chain emails. Once compromised the mail servers, threat actors use the access to reply to the company’s internal emails in reply-chain attacks.

Phishing 145
article thumbnail

Testing Faraday Cages

Schneier on Security

Matt Blaze tested a variety of Faraday cages for phones, both commercial and homemade. The bottom line: A quick and likely reliable “go/no go test” can be done with an Apple AirTag and an iPhone: drop the AirTag in the bag under test, and see if the phone can locate it and activate its alarm (beware of caching in the FindMy app when doing this).

IT 126
article thumbnail

How Decryption of Network Traffic Can Improve Security

Threatpost

Most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. Jeff Costlow, CISO at ExtraHop, explains why this might not be a good thing.

article thumbnail

Fortinet vs Palo Alto Networks: Top NGFWs Compared

eSecurity Planet

A next-generation firewall (NGFW) is an important component of network security and represents the third generation of firewall technology. NGFWs provide capabilities beyond that of a traditional, stateful firewall , including cloud-delivered threat intelligence , integrated intrusion prevention , and application awareness and control. To add to the stateful inspection of network traffic and access control , NGFWs can block modern, sophisticated threats like application-layer attacks and advance

Cloud 130
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Sabbath Ransomware target critical infrastructure in the US and Canada

Security Affairs

Sabbath ransomware is a new threat that has been targeting critical infrastructure in the United States and Canada since June 2021. A new ransomware group called Sabbath (aka UNC2190) has been targeting critical infrastructure in the United States and Canada since June 2021. According to Mandiant researchers, the group is a rebrand of Arcane and Eruption gangs.

article thumbnail

France: The CNIL publishes a practical guide on Data Protection Officers

DLA Piper Privacy Matters

On 16 November 2021, the French data protection supervisory authority (the “CNIL”) published a practical guide (“Guide”) on Data Protection Officers (“DPOs”). The Guide provides a reminder of the applicable obligations regarding the designation, tasks and missions of DPOs as well as good practices to help organizations comply with their obligation to designate a DPO and to support DPOs already in place with their missions.

GDPR 116
article thumbnail

Intel is Maintaining Legacy Technology for Security Research

Schneier on Security

Interesting : Intel’s issue reflects a wider concern: Legacy technology can introduce cybersecurity weaknesses. Tech makers constantly improve their products to take advantage of speed and power increases, but customers don’t always upgrade at the same pace. This creates a long tail of old products that remain in widespread use, vulnerable to attacks.

Security 114
article thumbnail

Nation-State Attackers Use RTF Injection to Easily Spread Malware

eSecurity Planet

Hacking groups linked to Russia, China and India are leveraging a novel attack technique that makes it easier for them to spread malware , steal data and evade detection, according to a report this week by security firm Proofpoint. The advanced persistent threat (APT) groups are using a technique called rich text format (RTF) template injections, which is similar to a template injection tactic that exploits Microsoft Office files.

Phishing 123
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

0patch releases unofficial patches for CVE-2021-24084 Windows 10 zero-day

Security Affairs

0patch released free unofficial patches for Windows local privilege escalation zero-day ( CVE-2021-24084 ) in Windows 10, version 1809 and later. 0patch released free unofficial patches for Windows local privilege escalation zero-day (CVE-2021-24084) in Windows 10, version 1809 and later. The issue doesn’t impact Windows Servers because the vulnerable functionality in not implemented in these OSs.

Security 143
article thumbnail

80K Retail WooCommerce Sites Exposed by Plugin XSS Bug

Threatpost

The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts.

Retail 119
article thumbnail

Modernizing Content Services to Keep Pace with Market Demands

OpenText Information Management

A large Canadian food and pharmacy retailer, and long-time OpenText™ customer, with more than 2,500 corporate-owned retail locations serving nearly 13,000 independent distribution customers had been running OpenText™ Extended ECM on-premises since 2009. The company has a growing digital business, including online grocery orders and eCommerce sales related to its pharmacy, beauty, apparel, and lifestyle offers.