Data Breach Today
JULY 25, 2022
Directive Emphasizes Continuous Monitoring and Assessments U.S. federal regulators are revamping their approach to oil pipeline cybersecurity by telling operators they have newfound latitude so long as they implement continuous monitoring and test their posture. Pipeline cybersecurity became a priority after a 2021 ransomware attack led to gas shortages.
Security Affairs
JULY 24, 2022
Threat actor leaked data of 5.4 million Twitter users that were obtained by exploiting a now patched flaw in the popular platform. A threat actor has leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor is now offering for sale the stolen data on a the popular hacking forum Breached Forums.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Dark Reading
JULY 26, 2022
Insiders could become more vulnerable to cybercrime recruitment efforts, new report says.
Krebs on Security
JULY 29, 2022
The 911 service as it existed until July 28, 2022. 911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations. The abrupt closure comes ten days after KrebsOnSecurity published an in-depth look at 911 and its connections to shady pay-per-install affiliate programs that secretly bundled 911’s proxy so
Advertiser: ZoomInfo
AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.
Data Breach Today
JULY 29, 2022
Customers of 'Robin Banks' Platform Have Netted $500,000 Fifty bucks gets cybercriminals access to a phishing-as-a-service platform for campaigns impersonating major brands in the United States and other English-speaking countries. Researchers from IronNet say the prices offered on "Robin Banks" are substantially less than comparable service providers.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
WIRED Threat Level
JULY 23, 2022
Plus: The FCC cracks down on car warranty robocalls, Thai activists get targeted by NSO's Pegasus, and the Russia-Ukraine cyberwar continues.
Krebs on Security
JULY 27, 2022
It’s been seven years since the online cheating site AshleyMadison.com was hacked and highly sensitive data about its users posted online. The leak led to the public shaming and extortion of many Ashley Madison users, and to at least two suicides. To date, little is publicly known about the perpetrators or the true motivation for the attack. But a recent review of Ashley Madison mentions across Russian cybercrime forums and far-right websites in the months leading up to the hack revealed s
Data Breach Today
JULY 28, 2022
Dominant Ransomware Group Remains Highly Active, Has Enjoyed Unusual Longevity Since the decline and fall of the Conti ransomware brand earlier this year, LockBit appears to have seized the mantle, listing more victims on its data leak site than any other. Experts say the group's focus on technical sophistication and keeping affiliates happy remain key to its success.
Security Affairs
JULY 29, 2022
Threat actors are actively exploiting the recently patched critical flaw in Atlassian Confluence Server and Data Center. Recenlty Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center tracked as CVE-2022-26138. A remote, unauthenticated attacker can exploit the vulnerability to log into unpatched servers.
Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage
When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m
WIRED Threat Level
JULY 28, 2022
Russia has been trying to block the anonymous browser since December—with mixed results.
Krebs on Security
JULY 28, 2022
Microleaves , a ten-year-old proxy service that lets customers route their web traffic through millions of Microsoft Windows computers, recently fixed a vulnerability in their website that exposed their entire user database. Microleaves claims its proxy software is installed with user consent, but data exposed in the breach shows the service has a lengthy history of being supplied with new proxies by affiliates incentivized to distribute the software any which way they can — such as by sec
Data Breach Today
JULY 26, 2022
Despite 'Patch or Perish' Problem, Bugs Rarely Burn Out, Instead Slowly Fading Away Big, bad bugs - including the likes of Heartbleed, BlueKeep and Drupalgeddon - never seem to burn out. Instead, they just slowly fade away, despite the risk that attackers will successfully exploit them to steal data, seize control of systems or deploy ransomware.
Security Affairs
JULY 28, 2022
This month Akamai blocked the largest distributed denial-of-service (DDoS) attack that hit an organization in Europe. On July 21, 2022, Akamai mitigated the largest DDoS attack that ever hit one of its European customers. The attack hit an Akamai customer in Eastern Europe that was targeted 75 times in the past 30 days with multiple types of DDoS attacks, including UDP, UDP fragmentation, ICMP flood, RESET flood, SYN flood, TCP anomaly, TCP fragment, PSH ACK flood, FIN push flood, and PUSH flood
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
WIRED Threat Level
JULY 24, 2022
The next time someone wants to borrow your device to make a call or take a picture, take these steps to protect your privacy.
The Last Watchdog
JULY 27, 2022
Post Covid 19, attack surface management has become the focal point of defending company networks. Related: The importance of ‘SaaS posture management’ As digital transformation continues to intensify, organizations are relying more and more on hosted cloud processing power and data storage, i.e. Platform as a Service ( PaaS ,) as well as business tools of every stripe, i.e.
Data Breach Today
JULY 29, 2022
Agreement Focuses on Data Sharing, Conducting Joint Exercises Ukrainian and U.S. officials pledged closer cybersecurity collaboration, announcing a memorandum of cooperation after Ukrainian officials discussed Russian threat actors in a meeting with the FBI in New York. "Cyberthreats cross borders and oceans," said CISA head Jen Easterly.
Security Affairs
JULY 27, 2022
Researchers uncovered an ongoing operation, codenamed DUCKTAIL that targets Facebook Business and Ad Accounts. Researchers from WithSecure (formerly F-Secure Business) have discovered an ongoing operation, named DUCKTAIL, that targets individuals and organizations that operate on Facebook’s Business and Ads platform. Experts attribute the campaign to a Vietnamese financially motivated threat actor which is suspected to be active since 2018. “Our investigation reveals that the threat actor
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
WIRED Threat Level
JULY 25, 2022
Since Vladimir Putin blocked Facebook, Instagram, and Twitter in March, Russia has been pushing away from the global internet at a rapid pace.
The Last Watchdog
JULY 25, 2022
Cyber-attacks continue to make headlines, and wreak havoc for organizations, with no sign of abating. Having spiked during the COVID-19 pandemic, threats such as malware, ransomware, and DDoS attacks continue to accelerate. Related: Apple tools abuse widespread. A10’s security research team recorded a significant spike in the number of potential DDoS weapons available for exploitation in 2021 and early 2022.
Data Breach Today
JULY 29, 2022
Midsized Businesses Are the New Frontier for Ransomware Demands Here's unwelcome ransomware news: When a ransomware victim chooses to pay a ransom, the average amount has increased to $228,125, reports ransomware incident response firm Coveware. On the upside, however, big-name ransomware groups are having a tougher time attracting affiliates.
Security Affairs
JULY 25, 2022
Operators behind the Amadey Bot malware use the SmokeLoader to distribute a new variant via software cracks and keygen sites. Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows operators to install additional payloads. The malware is available for sale in illegal forums, in the past, it was used by cybercrime gangs like TA505 to install GandCrab ransomware or the FlawedAmmyy RAT.
Advertiser: ZoomInfo
ZoomInfo customers aren’t just selling — they’re winning. Revenue teams using our Go-To-Market Intelligence platform grew pipeline by 32%, increased deal sizes by 40%, and booked 55% more meetings. Download this report to see what 11,000+ customers say about our Go-To-Market Intelligence platform and how it impacts their bottom line. The data speaks for itself!
Dark Reading
JULY 26, 2022
Machine learning should be considered an extension of — not a replacement for — existing security methods, systems, and teams.
eSecurity Planet
JULY 25, 2022
The domain name system (DNS) is basically a directory of addresses for the internet. Your browser uses DNS to find the IP for a specific service. For example, when you enter esecurityplanet.com, the browser queries a DNS service to reach the matching servers, but it’s also used when you send an email. It is handy for users, as they don’t have to remember the IP address for each service, but it does not come without security risks and vulnerabilities.
Data Breach Today
JULY 29, 2022
LockBit 3.0, New US Privacy Laws and FTC Initiatives to Watch Lisa Sotto of Hunton Andrews Kurth LLP joins three ISMG editors to discuss important cybersecurity and privacy issues, including data breach preparedness, the evolution of LockBit 3.0 and the potential impact of the Cyber Incident Reporting for Critical Infrastructure Act of 2022.
Security Affairs
JULY 25, 2022
Drupal development team released security updates to fix multiple issues, including a critical code execution flaw. Drupal developers have released security updates to address multiple vulnerabilities in the popular CMS: Drupal core – Moderately critical – Multiple vulnerabilities – SA-CORE-2022-015 Drupal core – Critical – Arbitrary PHP code execution – SA-CORE-2022-014 Drupal core – Moderately critical – Access Bypass – SA-CORE-2022-013 Dru
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Schneier on Security
JULY 28, 2022
Kaspersky is reporting on a new UFEI rootkit that survives reinstalling the operating system and replacing the hard drive. From an article : The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an OS in its own right.
Dark Reading
JULY 27, 2022
Microsoft flagged the company's Subzero tool set as on offer to unscrupulous governments and shady business interests.
Data Breach Today
JULY 29, 2022
Proposed Class Action Claims Meta Pixel Tracks Sensitive Patient Info Another proposed federal class action lawsuit alleges Facebook uses its Pixel tracking tool to collect millions of individuals' sensitive health data from healthcare provider websites without patients' knowledge or consent. HIPAA prohibits the use of PHI for marketing purposes without consent.
Expert insights. Personalized for you.
297 
Let's personalize your content