Sat.Sep 17, 2022 - Fri.Sep 23, 2022

article thumbnail

GUEST ESSAY: The rise of ‘PhaaS’ — and a roadmap to mitigate ‘Phishing-as-a-Service’

The Last Watchdog

Cybersecurity is a top concern for individuals and businesses in the increasingly digital world. Billion-dollar corporations, small mom-and-pop shops and average consumers could fall victim to a cyberattack. Related: Utilizing humans as security sensors. Phishing is one of the most common social engineering tactics cybercriminals use to target their victims.

Phishing 198
article thumbnail

15-Year-Old Python Flaw Slithers into Software Worldwide

Dark Reading

An unpatched flaw in more than 350,000 unique open source repositories leaves software applications vulnerable to exploit. The path traversal-related vulnerability is tracked as CVE-2007-4559.

100
100
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Automatic Cheating Detection in Human Racing

Schneier on Security

This is a fascinating glimpse of the future of automatic cheating detection in sports: Maybe you heard about the truly insane false-start controversy in track and field? Devon Allen—a wide receiver for the Philadelphia Eagles—was disqualified from the 110-meter hurdles at the World Athletics Championships a few weeks ago for a false start.

IT 113
article thumbnail

A disgruntled developer is the alleged source of the leak of the Lockbit 3.0 builder

Security Affairs

A disgruntled developer seems to be responsible for the leak of the builder for the latest encryptor of the LockBit ransomware gang. The leak of the builder for the latest encryptor of the LockBit ransomware gang made the headlines, it seems that the person who published it is a disgruntled developer. The latest version of the encryptor, version 3.0 , was released by the gang in June.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Harassment Site Kiwi Farms Breached

Data Breach Today

Assume Password, Email and IPs Leaked as an Attempt to Export User Database Made One of the internet's worst websites is down following a weekend hack that may have exposed the email, password and IP address of Kiwi Farms yses. A statement on the site says hackers gained access to site administrator Joshua Moon's account. Site users stalk trans and non-binary people.

Passwords 341

More Trending

article thumbnail

SHARED INTEL: Poll highlights the urgency to balance digital resiliency, cybersecurity

The Last Watchdog

The pace and extent of digital transformation that global enterprise organizations have undergone cannot be overstated. Related: The criticality of ‘attack surface management’ Massive global macro-economic shifts have fundamentally changed the way companies operate. Remote work already had an impact on IT strategy and the shift to cloud, including hybrid cloud , well before the onset of Covid 19.

article thumbnail

Analyzing IP Addresses to Prevent Fraud for Enterprises

Security Affairs

How can businesses protect themselves from fraudulent activities by examining IP addresses? The police would track burglars if they left calling cards at the attacked properties. Internet fraudsters usually leave a trail of breadcrumbs whenever they visit websites through specific IP addresses. They reveal their physical location and the device they used to connect to the web.

Privacy 144
article thumbnail

FBI Warns Healthcare Sector of Surge in Payment Scams

Data Breach Today

Cybercriminals Using Social Engineering, Phishing to Divert Payments Cybercriminals are netting multimillion-dollar hauls by targeting healthcare industry payment processing, the FBI warns. The criminals use publicly available personally identifiable information and deploy social engineering techniques to impersonate care providers.

Phishing 284
article thumbnail

Botched Crypto Mugging Lands Three U.K. Men in Jail

Krebs on Security

Three men in the United Kingdom were arrested this month for attempting to assault a local man and steal his virtual currencies. The incident is the latest example of how certain cybercriminal communities are increasingly turning to physical violence to settle scores and disputes. Shortly after 11 p.m. on September 6, a resident in the Spalding Common area in the district of Lincolnshire, U.K. phoned police to say three men were acting suspiciously, and had jumped a nearby fence. “The thre

Access 246
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Attacker Apparently Didn't Have to Breach a Single System to Pwn Uber

Dark Reading

Alleged teen hacker claims he found an admin password in a network share inside Uber that allowed complete access to ride-sharing giant's AWS, Windows, Google Cloud, VMware, and other environments.

Passwords 141
article thumbnail

Atlassian Confluence bug CVE-2022-26134 exploited in cryptocurrency mining campaign

Security Affairs

Threat actors are targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign. Trend Micro researchers warn of an ongoing crypto mining campaign targeting Atlassian Confluence servers affected by the CVE-2022-26134 vulnerability. The now-patched critical security flaw was disclosed by Atlassian in early June, at the time the company warned of a critical unpatched remote code execution vulnerability affecting all Confluence Server and Data Center supported versio

Mining 141
article thumbnail

Ransomware’s Future: A Lucrative Money Spinner

Data Breach Today

Intel 471’s Michael DeBolt Says Anti-Ransomware Actions Will Take Time What is the future of ransomware, and is it going to continue with the same intensity of the last few years? Michael DeBolt of Intel471 says anti-ransomware efforts, including government action and better cybersecurity practices, are working. But ransomware isn’t going away soon.

article thumbnail

Software Supply Chain Security Guidance for Developers

eSecurity Planet

Whether it’s package hijacking, dependency confusing, typosquatting, continuous integration and continuous delivery ( CI/CD ) compromises, or basic web exploitation of outdated dependencies , there are many software supply chain attacks adversaries can perform to take down their victims, hold them to ransom , and exfiltrate critical data. It’s often more efficient to attack a weak link in the chain to reach a bigger target, like what happened to Kaseya or SolarWinds in the last couple of years.

Security 138
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

[HEADS UP] Bank of America Warns About Recent Scams That Request Zelle Payment Due to 'Suspicious Activity'

KnowBe4

Bank of America recently sent a customer service email warning users to watch out for this new phishing attack.

Phishing 133
article thumbnail

Bitdefender releases Universal LockerGoga ransomware decryptor

Security Affairs

Bitdefender has released a free decryptor to allow the victims of the LockerGoga ransomware to recover their files without paying a ransom. The cybersecurity firm Bitdefender has released a free decryptor to allow LockerGoga ransomware victims to recover their encrypted files without paying a ransom. “We’re pleased to announce the availability of a new decryptor for LockerGoga, a strain of ransomware that rose to fame in 2019 with the attack of the Norsk Hydro company.” reads the ann

article thumbnail

Ransomware’s Future: A Continuing Money Spinner

Data Breach Today

Intel 471’s Michael DeBolt Says Anti-Ransomware Actions Will Take Time What is the future of ransomware, and is it going to continue with the same intensity of the last few years? Michael DeBolt of Intel471 says anti-ransomware efforts, including government action and better cybersecurity practices, are working. But ransomware isn’t going away soon.

article thumbnail

Threat Group TeamTNT Returns with New Cloud Attacks

eSecurity Planet

A retired threat actor has returned with new attacks aimed at the cloud, containers – and encryption keys. The Aqua Nautilus research team observed three attacks that appeared very similar to those performed by TeamTNT, a threat actor specializing in cloud platforms and online instances such as Kubernetes clusters, Redis servers, and Docker APIs.

Cloud 133
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Social Engineering Targets Healthcare Payment Processors

KnowBe4

The US Federal Bureau of Investigation (FBI) has issued an alert warning of an increase in phishing and other social engineering attacks against healthcare payment processors.

Phishing 132
article thumbnail

Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses

Schneier on Security

Okay, it’s an obscure threat. But people are researching it : Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75 percent accuracy on-screen texts that have heights as small as 10 mm with a 720p webcam.” That corresponds to 28 pt, a font size commonly used for headings and small headlines. […].

Paper 131
article thumbnail

Australian Telco Optus Warns of 'Significant' Data Breach

Data Breach Today

Current and Former Customers' Contact Details Exposed, But No Financial Information Australian telecommunications giant Optus is warning that current and former customers' personal details were exposed, including some driver's license and passport details, but no passwords or financial details, after it suffered a major data breach.

article thumbnail

Ransomware Groups Turn to Intermittent Encryption to Speed Attack Times

eSecurity Planet

During a cyberattack, time is of the essence for both attackers and defenders. To accelerate the ransomware encryption process and make it harder to detect, cybercriminal groups have begun using a new technique: intermittent encryption. Intermittent encryption allows the ransomware encryption malware to encrypt files partially or only encrypt parts of the files.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Security Practices Are Improving, But Cybercriminals Are Keeping Up

KnowBe4

A survey by GetApp has found that the number of organizations using phishing simulations has risen from 30% in 2019 to 70% in 2022. Despite this positive trend, however, attackers continue to increase both the sophistication and volume of their phishing emails, which has led to a significant rise in employees clicking on phishing links.

Phishing 131
article thumbnail

Passkeys

Imperial Violet

This is an opinionated, “quick-start” guide to using passkeys as a web developer. It’s hopefully broadly applicable, but one size will never fit all authentication needs and this guide ignores everything that’s optional. So take it as a worked example, but not as gospel. It doesn't use any WebAuthn libraries, it just assumes that you have access to functions for verifying signatures.

Passwords 129
article thumbnail

Ransomware-as-a-Service Gang LockBit Pays First $50K Bounty

Data Breach Today

Group Thanked FBI Agent for Insider Information About Weaknesses The LockBit group has paid the first payment of $50,000 as part of its bug bounty program for researchers willing to aid in cybercriminality. The group had announced that it will pay individuals who find exploitable vulnerabilities in the software it uses to maliciously encrypt files.

article thumbnail

Over 39K unauthenticated Redis services on the internet targeted in cryptocurrency campaign

Security Affairs

Threat actors targeted tens thousands of unauthenticated Redis servers exposed on the internet as part of a cryptocurrency campaign. Redis, is a popular open source data structure tool that can be used as an in-memory distributed database, message broker or cache. The tool is not designed to be exposed on the Internet, however, researchers spotted tens thousands Redis instance publicly accessible without authentication.

Mining 125
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Cyber Threat Detection: The First Layer of Defence in Depth

IT Governance

Cyber crime is an increasingly lucrative business, with threat actors reportedly pocketing $6.9 billion (about £6 billion) last year. With the help of progressively more sophisticated techniques and organisations’ growing reliance on digital technology, it’s easy to see why there are so many breaches. Organisations are being urged to respond to the threat by investing more in cyber security defences, but if those solutions aren’t part of a cohesive strategy, the benefits will be minimal.

Phishing 125
article thumbnail

Phishing Campaign Targets GitHub Users

KnowBe4

GitHub has issued an alert warning of a phishing campaign targeting users by impersonating the popular DevOps tool CircleCI, BleepingComputer reports. The phishing emails inform users that they’ll need to click on a link and log into their GitHub account in order to review CircleCI’s new terms of service. The phishing site is designed to harvest credentials as well as time-based one-time-password (TOTP) authentication codes.

Phishing 124
article thumbnail

Digital Bank Revolut Confirms Customer Data Breach

Data Breach Today

Names, Addresses, Emails and Telephone Numbers Exposed But Money Is Safe Customers of app-based bank Revolut should be on guard for phishing attempts after a data breach exposed personal details such as names, emails and telephone numbers. The London-based fintech startup told Lithuanian authorities the hacking incident affects more than 50,000 customers.