Sat.Jul 31, 2021 - Fri.Aug 06, 2021

article thumbnail

Stay Safe Online in 10 Easy Steps

Elie

Here are the ten most important steps you can take to stay safe online. Blog post

118
118
article thumbnail

Do You Trust Your Smart TV?

Security Affairs

Did you ever stop to think that the office smart TV used for company presentations, Zoom meetings, and other work-related activities may not be so trustworthy? In our latest video, we demonstrate an attack scenario that can occur within any organization – hacking a smart TV. The video shows an insider plugging a USB Rubber Ducky into a smart TV in a company meeting room.

Access 137
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Black Hat: Charming Kitten Leaves More Paw Prints

Threatpost

IBM X-Force detailed the custom-made "LittleLooter" data stealer and 4+ hours of ITG18 operator training videos revealed by an opsec goof.

Security 123
article thumbnail

Cybersecurity M&A Update: Five Firms Make Moves

Data Breach Today

Ivanti, Sophos, Deloitte, Cerberus Sentinel and Feedzai Announce Deals Cybersecurity acquisitions continue at an intense pace, with Ivanti, Sophos, Deloitte Risk & Financial Advisory, Cerberus Sentinel and Feedzai all making moves to bolster their security portfolios.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Black Hat insights: WAFs are getting much more dynamic making them well-suited to protect SMBs

The Last Watchdog

A cornucopia of cybersecurity solutions went on public display today as Black Hat USA 2021 convened once more as a live event in Las Vegas. Related: Kaseya hack raises more supply chain worries. For small- and mid-sized businesses (SMBs) cutting through the marketing hype can be daunting. That said, there is one venerable technology – web application firewalls ( WAFs) – that is emerging as a perfect fit for SMBs in today’s environment, as all companies shift to a deeper reliance on cloud service

Risk 214

More Trending

article thumbnail

Advanced Technology Ventures discloses ransomware attack and data breach

Security Affairs

The American venture capital firm Advanced Technology Ventures (ATV) disclosed a ransomware attack, crooks also stole data of some private investors. Advanced Technology Ventures (ATV) is an American venture capital firm with more than $1.8 billion in capital under management. The venture capital firm this week disclosed a ransomware attack, threat actors have also stolen the personal information of some of its private investors.

article thumbnail

Unsecured Database Exposed Data on Millions

Data Breach Today

vpnMentor: Server Belonging to OneMoreLead Is Now Secured Researchers at vpnMentor say that B2B marketing company OneMoreLead exposed the data of up to 126 million Americans on a misconfigured Elasticsearch server.

B2B 354
article thumbnail

Black Hat insights: Deploying ‘human sensors’ to reinforce phishing email detection and response

The Last Watchdog

Human beings remain the prime target in the vast majority of malicious attempts to breach company networks. Related: Stealth tactics leveraged to weaponize email. Cybersecurity awareness training is valuable and has its place. Yet as Black Hat USA 2021 returns today as a live event in Las Vegas, it remains so true that we can always be fooled — and that the prime vehicle for hornswoggling us remains phishing messages sent via business email.

Phishing 203
article thumbnail

Paragon: Yet Another Cyberweapons Arms Manufacturer

Schneier on Security

Forbes has the story : Paragon’s product will also likely get spyware critics and surveillance experts alike rubbernecking: It claims to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail, the industry sources said. One other spyware industry executive said it also promises to get longer-lasting access to a device, even when it’s rebooted. […].

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Threat actors leaked data stolen from EA, including FIFA code

Security Affairs

Threat actors that hacked Electronic Arts in June have leaked full data dump stolen from the company after the failure of the negotiation with the victim. In June, hackers have compromised the network of the gaming giant Electronic Arts (EA) and claimed to have stolen approximately 780 GB of data. The stolen data include the source code of the games, the source code of the FrostBite game engine and debug tools, FIFA 21 matchmaking server code, proprietary EA games frameworks, debug tools, SDK,

article thumbnail

New RAT Targets Russian Speakers

Data Breach Today

Malwarebytes Describes Unusual Tactics The Malwarebytes threat intelligence team has discovered a remote access Trojan apparently designed to target Russian speakers that may have combined a social engineering technique with a known exploit to maximize chances of infecting targets.

Access 331
article thumbnail

Black Hat insights: All-powerful developers begin steering to the promise land of automated security

The Last Watchdog

Software developers have become the masters of the digital universe. Related: GraphQL APIs pose new risks. Companies in the throes of digital transformation are in hot pursuit of agile software and this has elevated developers to the top of the food chain in computing. There is an argument to be made that agility-minded developers, in fact, are in a terrific position to champion the rearchitecting of Enterprise security that’s sure to play out over the next few years — much more so than me

Security 203
article thumbnail

The European Space Agency Launches Hackable Satellite

Schneier on Security

Of course this is hackable: A sophisticated telecommunications satellite that can be completely repurposed while in space has launched. […]. Because the satellite can be reprogrammed in orbit, it can respond to changing demands during its lifetime. […]. The satellite can detect and characterise any rogue emissions, enabling it to respond dynamically to accidental interference or intentional jamming.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

VMware addresses critical flaws in its products

Security Affairs

VMware has addressed a critical vulnerability that affects multiple products that could be exploited to gain access to confidential information. VMware has released security updates to address multiple flaws in its products, including a critical issue that could allow an attacker to access confidential information. A couple of vulnerabilities tracked as CVE-2021-22002 and CVE-2021-22003, impact Workspace One Access (Access), Identity Manager (vIDM), vRealize Automation (vRA), Cloud Foundation, a

IT 144
article thumbnail

Countering Cyberthreats: 2 Legislative Proposals Introduced

Data Breach Today

One Measure Calls for Sanctions Against Nations Tolerating Ransomware Gangs Two bipartisan bills introduced in Congress this week seek to address cyberthreats. One calls for imposing sanctions against countries that allow ransomware gangs to operate within their borders. Another would require law enforcement agencies to better track cybercrime statistics to identify trends.

article thumbnail

Black Hat insights: The retooling of SOAR to fit as the automation core protecting evolving networks

The Last Watchdog

In less than a decade, SOAR — security orchestration, automation and response — has rapidly matured into an engrained component of the security technology stack in many enterprises. Related: Equipping SOCs for the long haul. SOAR has done much since it entered the cybersecurity lexicon to relieve the cybersecurity skills shortage. SOAR leverages automation and machine learning to correlate telemetry flooding in from multiple security systems.

Cloud 203
article thumbnail

Zoom Lied about End-to-End Encryption

Schneier on Security

The facts aren’t news, but Zoom will pay $85M — to the class-action attorneys, and to users — for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent. The proposed settlement would generally give Zoom users $15 or $25 each and was filed Saturday at US District Court for the Northern District of California.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Italian energy company ERG hit by LockBit 2.0 ransomware gang

Security Affairs

ERG SPA, an Italian energy company, reports a minor impact on its operations after the recent ransomware attack conducted by LockBit 2.0 gang. Recently the Italian energy company ERG was hit by the LockBit 2.0 ransomware gang, now the company reported “only a few minor disruptions” for its ICT infrastructure. The company is active in the production of wind energy, solar energy, hydroelectric energy and high-yield thermoelectric cogeneration energy with low environmental impact. ̶

article thumbnail

Audit Slams FDIC for Inadequate Mobile Device Security

Data Breach Today

OIG Outlines Shortcomings, Recommends Fixes The FDIC has failed to properly update its policies for mobile device usage, conduct regular control assessments of its mobile device management solution or adequately log and monitor mobile cybersecurity practices, according to a new report from the Office of the Inspector General.

Security 329
article thumbnail

Open Source Security: A Big Problem

eSecurity Planet

Open source security has been a big focus of this week’s Black Hat conference, but no open source security initiative is bolder than the one proffered by the Open Source Security Foundation (OpenSSF). Amid discussions on the security of open source technologies like eBPF and Hadoop, OpenSSF speakers Jennifer Fernick, SVP and head of global research at NCC Group, and Christopher Robinson, Intel’s director of security communications, outlined the group’s vision to secure open sou

Security 143
article thumbnail

MacOS Flaw in Telegram Retrieves Deleted Messages

Threatpost

Telegram declined to fix a scenario in which the flaw can be exploited, spurring a Trustwave researcher to decline a bug bounty and to disclose his findings instead.

143
143
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

More evidence suggests that DarkSide and BlackMatter are the same group

Security Affairs

Researchers found evidence that the DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation. BleepingComputer found evidence that after the clamorous Colonia Pipeline attack, the DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation. The experts analyzed encryption algorithms in a decryptor used by BlackMatter, which is actively attacking corporate entities.

article thumbnail

UF Health Central Florida: Cyberattack Leads to PHI Breach

Data Breach Today

Incident Bears Similarities to Recent Attack at Scripps Health In the wake of a recent cyberattack on UF Health Central Florida that disrupted access to patients' electronic health records for about a month during recovery, the entity is now reporting the incident also exposed patient information.

Access 329
article thumbnail

Supply Chain Flaws Found in Python Package Repository

eSecurity Planet

Administrators overseeing the Python Package Index (PyPI) in recent days found themselves responding to vulnerabilities found in the repository of open source software, the latest security problems to hit the Python community. Most recently, the PyPI group sent out fixes for three vulnerabilities that were discovered by security researcher RyotaK and published on his blog.

Mining 143
article thumbnail

Angry Affiliate Leaks Conti Ransomware Gang Playbook

Threatpost

The data includes IP addresses for Cobalt Strike C2 servers as well as an archive including numerous tools and training materials for the group, revealing how it performs attacks.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Conti ransomware affiliate leaked gang’s training material and tools

Security Affairs

An affiliate of the Conti RaaS has leaked the training material shared by the group with its network along with the info about one of the operators. An affiliate of the Conti RaaS has leaked the training material provided by the group to the customers of its RaaS, he also published the info about one of the operators. The Conti Ransomware operators offer their services to their affiliates and maintain 20-30% of each ransom payment.

article thumbnail

NSA Reminder: Beware of Public Wi-Fi

Data Breach Today

Agency Emphasizes Value of VPNs, Other Security Steps Teleworking U.S. national security employees are putting sensitive data at risk if they use public Wi-Fi networks without using a virtual private network to encrypt the traffic, the National Security Agency notes in a new advisory.

article thumbnail

U.S. Rep. Castor Reintroduces Kids PRIVCY Act with Updated Provisions

Hunton Privacy

On July 29, 2021, U.S. Representative Rep. Kathy Castor (D-Florida), a member of the House Energy and Commerce Committee, reintroduced the Protecting the Information of our Vulnerable Children and Youth Act (the “Bill”). The Bill would update the Children’s Online Privacy Protection Act (“COPPA”) to, among other requirements: (1) cover teens ages 13-17; (2) expand the categories of information considered to be “personal” (to include physical characteristics, biometric information, health inform

Privacy 125