Data Breach Today
JULY 25, 2022
Directive Emphasizes Continuous Monitoring and Assessments U.S. federal regulators are revamping their approach to oil pipeline cybersecurity by telling operators they have newfound latitude so long as they implement continuous monitoring and test their posture. Pipeline cybersecurity became a priority after a 2021 ransomware attack led to gas shortages.
Security Affairs
JULY 24, 2022
Threat actor leaked data of 5.4 million Twitter users that were obtained by exploiting a now patched flaw in the popular platform. A threat actor has leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform. The threat actor is now offering for sale the stolen data on a the popular hacking forum Breached Forums.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Dark Reading
JULY 26, 2022
Insiders could become more vulnerable to cybercrime recruitment efforts, new report says.
Krebs on Security
JULY 29, 2022
The 911 service as it existed until July 28, 2022. 911[.]re, a proxy service that since 2015 has sold access to hundreds of thousands of Microsoft Windows computers daily, announced this week that it is shutting down in the wake of a data breach that destroyed key components of its business operations. The abrupt closure comes ten days after KrebsOnSecurity published an in-depth look at 911 and its connections to shady pay-per-install affiliate programs that secretly bundled 911’s proxy so
Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage
Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, CTO of Betterworks, will explore a practical framework to transform Generative AI prototypes into
Data Breach Today
JULY 29, 2022
Customers of 'Robin Banks' Platform Have Netted $500,000 Fifty bucks gets cybercriminals access to a phishing-as-a-service platform for campaigns impersonating major brands in the United States and other English-speaking countries. Researchers from IronNet say the prices offered on "Robin Banks" are substantially less than comparable service providers.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Security Affairs
JULY 23, 2022
The U.S. DoJ seized $500,000 worth of Bitcoin from North Korea-linked threat actors who are behind the Maui ransomware. The U.S. Department of Justice (DoJ) has seized $500,000 worth of Bitcoin from North Korean threat actors who used the Maui ransomware to target several organizations worldwide. “The Justice Department today announced a complaint filed in the District of Kansas to forfeit cryptocurrency paid as ransom to North Korean hackers or otherwise used to launder such ransom paymen
Krebs on Security
JULY 28, 2022
Microleaves , a ten-year-old proxy service that lets customers route their web traffic through millions of Microsoft Windows computers, recently fixed a vulnerability in their website that exposed their entire user database. Microleaves claims its proxy software is installed with user consent, but data exposed in the breach shows the service has a lengthy history of being supplied with new proxies by affiliates incentivized to distribute the software any which way they can — such as by sec
Data Breach Today
JULY 28, 2022
Dominant Ransomware Group Remains Highly Active, Has Enjoyed Unusual Longevity Since the decline and fall of the Conti ransomware brand earlier this year, LockBit appears to have seized the mantle, listing more victims on its data leak site than any other. Experts say the group's focus on technical sophistication and keeping affiliates happy remain key to its success.
Hunton Privacy
JULY 26, 2022
Following the ruling in Dobbs , the National Institutes of Health’s (“NIH’s”) certificates of confidentiality offer an important layer of privacy protection to reproductive health research data. The Public Health Service Act created the certificates of confidentiality program, which prohibits the disclosure of identifiable, sensitive research data “in any Federal, State, or local civil, criminal, administrative, legislative, or other proceeding” without the research subject’s consent.
Advertisement
Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?
Dark Reading
JULY 29, 2022
In a Black Hat USA talk, Katie Moussouris will discuss why bug-bounty programs are failing in their goals, and what needs to happen next to use bounties in a way that improves security outcomes.
Schneier on Security
JULY 28, 2022
Kaspersky is reporting on a new UFEI rootkit that survives reinstalling the operating system and replacing the hard drive. From an article : The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. As the software that bridges a PC’s device firmware with its operating system, the UEFI—short for Unified Extensible Firmware Interface—is an OS in its own right.
Data Breach Today
JULY 26, 2022
Despite 'Patch or Perish' Problem, Bugs Rarely Burn Out, Instead Slowly Fading Away Big, bad bugs - including the likes of Heartbleed, BlueKeep and Drupalgeddon - never seem to burn out. Instead, they just slowly fade away, despite the risk that attackers will successfully exploit them to steal data, seize control of systems or deploy ransomware.
Jamf
JULY 28, 2022
Integrating Butterfly Network's’ s innovative hand-held Ultrasound-on-Chip™ technology with Jamf supports HIPAA-compliant patient care while making medical imaging accessible everywhere.
Advertisement
Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.
Security Affairs
JULY 25, 2022
Operators behind the Amadey Bot malware use the SmokeLoader to distribute a new variant via software cracks and keygen sites. Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows operators to install additional payloads. The malware is available for sale in illegal forums, in the past, it was used by cybercrime gangs like TA505 to install GandCrab ransomware or the FlawedAmmyy RAT.
Dark Reading
JULY 26, 2022
Machine learning should be considered an extension of — not a replacement for — existing security methods, systems, and teams.
Data Breach Today
JULY 29, 2022
Agreement Focuses on Data Sharing, Conducting Joint Exercises Ukrainian and U.S. officials pledged closer cybersecurity collaboration, announcing a memorandum of cooperation after Ukrainian officials discussed Russian threat actors in a meeting with the FBI in New York. "Cyberthreats cross borders and oceans," said CISA head Jen Easterly.
KnowBe4
JULY 25, 2022
The Colonial Pipeline ransomware attack of 2021 put infrastructure operators on notice that they were directly in the crosshairs of big ransomware gangs. The reaction of law enforcement seems, however, to have also put the gangs on notice that their ability to operate with impunity isn’t what it used to be. The big criminal operations seem to be breaking up.
Advertisement
Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.
Security Affairs
JULY 29, 2022
Threat actors are actively exploiting the recently patched critical flaw in Atlassian Confluence Server and Data Center. Recenlty Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center tracked as CVE-2022-26138. A remote, unauthenticated attacker can exploit the vulnerability to log into unpatched servers.
Schneier on Security
JULY 27, 2022
Good essay arguing that open-source software is a critical national-security asset and needs to be treated as such: Open source is at least as important to the economy, public services, and national security as proprietary code, but it lacks the same standards and safeguards. It bears the qualities of a public good and is as indispensable as national highways.
Data Breach Today
JULY 29, 2022
Midsized Businesses Are the New Frontier for Ransomware Demands Here's unwelcome ransomware news: When a ransomware victim chooses to pay a ransom, the average amount has increased to $228,125, reports ransomware incident response firm Coveware. On the upside, however, big-name ransomware groups are having a tougher time attracting affiliates.
KnowBe4
JULY 28, 2022
Malicious USB keys have always been a problem. There is almost no professional penetration testing team that does not drop a handful of USB keys outside of any targeted organization and see success from employees plugging them in and opening boobytrapped documents or running malicious executables.
Advertisement
Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.
Security Affairs
JULY 28, 2022
This month Akamai blocked the largest distributed denial-of-service (DDoS) attack that hit an organization in Europe. On July 21, 2022, Akamai mitigated the largest DDoS attack that ever hit one of its European customers. The attack hit an Akamai customer in Eastern Europe that was targeted 75 times in the past 30 days with multiple types of DDoS attacks, including UDP, UDP fragmentation, ICMP flood, RESET flood, SYN flood, TCP anomaly, TCP fragment, PSH ACK flood, FIN push flood, and PUSH flood
Hunton Privacy
JULY 27, 2022
On July 22, 2022, companies are required to notify the Arizona Department of Homeland Security when they experience a data breach impacting more than 1,000 Arizona residents. This notification requirement is in addition to obligations to notify affected individuals, the Arizona state attorney general and the three largest national consumer reporting agencies.
Data Breach Today
JULY 29, 2022
LockBit 3.0, New US Privacy Laws and FTC Initiatives to Watch Lisa Sotto of Hunton Andrews Kurth LLP joins three ISMG editors to discuss important cybersecurity and privacy issues, including data breach preparedness, the evolution of LockBit 3.0 and the potential impact of the Cyber Incident Reporting for Critical Infrastructure Act of 2022.
IT Governance
JULY 26, 2022
We’ve all been feeling the effects of inflation recently. Prices rose by 8.2% in the twelve months to June 2022 , with the largest increases being seen in electricity, gas and transport prices. Meanwhile, the cost of renting commercial property continues to rise , despite the decreased demand for office space amid the uptick in remote work. It should be obvious why costs are on the rise; substantial disruption remains related to COVID-19, Russia’s invasion of Ukraine has disrupted supply chains
Advertisement
Start-ups & SMBs launching products quickly must bundle dashboards, reports, & self-service analytics into apps. Customers expect rapid value from your product (time-to-value), data security, and access to advanced capabilities. Traditional Business Intelligence (BI) tools can provide valuable data analysis capabilities, but they have a barrier to entry that can stop small and midsize businesses from capitalizing on them.
Security Affairs
JULY 25, 2022
Drupal development team released security updates to fix multiple issues, including a critical code execution flaw. Drupal developers have released security updates to address multiple vulnerabilities in the popular CMS: Drupal core – Moderately critical – Multiple vulnerabilities – SA-CORE-2022-015 Drupal core – Critical – Arbitrary PHP code execution – SA-CORE-2022-014 Drupal core – Moderately critical – Access Bypass – SA-CORE-2022-013 Dru
Hunton Privacy
JULY 26, 2022
On July 1, 2022, amendments to Florida’s State Cybersecurity Act (the “Act”) took effect, imposing certain ransomware reporting obligations on state agencies, counties and municipalities and prohibiting those entities from paying cyber ransoms. The amendments, enacted as HB 7055 , require state agencies and local governments to report ransomware incidents to the state’s Cybersecurity Operations Center (“CSOC”), the Cybercrime Office of the Department of Law Enforcement and local sheriff no later
Data Breach Today
JULY 29, 2022
Proposed Class Action Claims Meta Pixel Tracks Sensitive Patient Info Another proposed federal class action lawsuit alleges Facebook uses its Pixel tracking tool to collect millions of individuals' sensitive health data from healthcare provider websites without patients' knowledge or consent. HIPAA prohibits the use of PHI for marketing purposes without consent.
Expert insights. Personalized for you.
289 
Let's personalize your content