Sat.Jul 16, 2022 - Fri.Jul 22, 2022

article thumbnail

Getting to Zero Trust Requires Good Cybersecurity Baselines

Data Breach Today

ManageEngine's Harish Sekar on the Challenges of Addressing How to Do Zero Trust Harish Sekar, senior technical evangelist & head of business development, ManageEngine, discusses the ways in which a CISO's job can be a "nightmare," offers tips on how to manage the "how" as well as the "what" of zero trust and handle product sprawl, and weighs in on the importance of false positives.

article thumbnail

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

The 911 service as it exists today. For the past seven years, an online service known as 911 has sold access to hundreds of thousands of Microsoft Windows computers daily, allowing customers to route their Internet traffic through PCs in virtually any country or city around the globe — but predominantly in the United States. 911 says its network is made up entirely of users who voluntarily install its “free VPN” software.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Trojanized Password Crackers Targeting Industrial Systems

Dark Reading

Tools purporting to help organizations recover lost passwords for PLCs are really droppers for malware targeting industrial control systems, vendor says.

Passwords 141
article thumbnail

Facebook Is Now Encrypting Links to Prevent URL Stripping

Schneier on Security

Some sites, including Facebook, add parameters to the web address for tracking purposes. These parameters have no functionality that is relevant to the user, but sites rely on them to track users across pages and properties. Mozilla introduced support for URL stripping in Firefox 102 , which it launched in June 2022. Firefox removes tracking parameters from web addresses automatically, but only in private browsing mode or when the browser’s Tracking Protection feature is set to strict.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Settlements Reached In 2 Large Healthcare Hack Lawsuits

Data Breach Today

Experts: Class Actions Filed in Wake of Big Data Breaches Keep Growing Two recent data breach lawsuit settlements by healthcare organizations underscore mounting liability risk stemming from a growing number of lawsuits. Missouri-based BJC Healthcare has agreed to pay up to $2.7 million to settle while Indiana-based Methodist Hospitals is on the hook for $425,000.

Big data 315

More Trending

article thumbnail

Crooks stole $375k from Premint NFT, it is one of the biggest NFT hacks ever

Security Affairs

Threat actors hacked the popular NFT platform, Premint NFT and stole 314 NFTs. The popular NFT platform, Premint NFT, was hacked, the threat actors compromised its official website and stole 314 NFTs. According to the experts from blockchain security firm CertiK, this is one of the biggest NFT hacks on record. The analysis of the experts revealed that the threat actors planted a malicious JavaScript code to premint.xyz.

IT 145
article thumbnail

Copyright Claim Email is a LockBit Ransomware Phishing Attack in Disguise

KnowBe4

The latest iteration in Copyright Claim scams is an evolution of this repeated attack method that has proven to get the attention – and response – of victims over the last few years.

Phishing 141
article thumbnail

Blockchain Security Firm Halborn Raises $90M to Guard Crypto

Data Breach Today

The Series A Proceeds Will Help Halborn Expand Its Audit and Pen Testing Services Halborn raised $90 million to expand its audit and penetration testing services and more effectively safeguard the crypto industry. The proceeds will bolster its protection for cryptocurrency lending protocols and better defend the money flowing into and out of the cryptocurrency ecosystem.

article thumbnail

The Kronos Ransomware Attack: What You Need to Know So Your Business Isn't Next

Dark Reading

Identify your business's security posture and head off ransomware attacks with third-party risk management and vendor security assessments.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

New Luna ransomware targets Windows, Linux and ESXi systems

Security Affairs

Kaspersky researchers discovered a new ransomware family written in Rust, named Luna, that targets Windows, Linux, and ESXi systems. Researchers from Kaspersky Lab detailed a new ransomware family named Luna, which is written in Rust and is able to target Windows, Linux, and ESXi systems. Luna ransomware is the third ransomware family that is written in Rust language, other malware strains are BlackCat and Hive.

article thumbnail

Critical Vulnerabilities in GPS Trackers

Schneier on Security

This is a dangerous vulnerability: An assessment from security firm BitSight found six vulnerabilities in the Micodus MV720 , a GPS tracker that sells for about $20 and is widely available. The researchers who performed the assessment believe the same critical vulnerabilities are present in other Micodus tracker models. The China-based manufacturer says 1.5 million of its tracking devices are deployed across 420,000 customers.

article thumbnail

Premint Fingers Open Source Flaw For NFT Hack

Data Breach Today

Premint NFT Shares $500K Attack Details, Promises Compensation Premint NFT platform users became victims last weejend of one of the biggest NFT attacks ever. The company says an open-source vulnerability led to the compromise of its website, resulting in its users losing about $500,000 worth of blockchain assets.

article thumbnail

Mysterious, Cloud-Enabled macOS Spyware Blows Onto the Scene

Dark Reading

The CloudMensis spyware, which can lift reams of sensitive information from Apple machines, is the first Mac malware observed to exclusively rely on cloud storage for C2 activities.

Cloud 129
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Several apps on the Play Store used to spread Joker, Facestealer and Coper malware

Security Affairs

Google blocked dozens of malicious apps from the official Play Store that were spreading Joker, Facestealer, and Coper malware families. Google has removed dozens of malicious apps from the official Play Store that were distributing Joker, Facestealer, and Coper malware families. Researchers from security firms Pradeo discovered multiple apps spreading the Joker Android malware.

article thumbnail

Personal Data Breach Notification – it's time to scrap the unfair rules that have been imposed on Communication Service providers

Data Protector

In August 2013 the European Commission introduced new rules to require Communication Service Providers to report all personal data breaches, no matter how minor, to local data protection regulators within 24 hours of the incident being detected [Art 2]. Reporting delays would result in providers being subject to ICO fines. Significant breaches were also required to be reported to the impacted individuals [Art 3].

article thumbnail

Romanian Malware Hosting Vendor Extradited to US

Data Breach Today

Mihai Paunescu, aka Virus, Faces 3 Criminal Counts in Court The DOJ extradited from Colombia 37-year-old Mihai Ionut Paunescu, who faces criminal charges for allegedly running a "bulletproof" hosting service that helped cybercriminals launch malware attacks. He is set to undergo trial for conspiracy to commit computer intrusion, bank fraud and wire fraud.

294
294
article thumbnail

Unpatched GPS Tracker Security Bugs Threaten 1.5M Vehicles with Disruption

Dark Reading

A GPS device from MiCODUS has six security bugs that could allow attackers to monitor 1.5 million vehicles that use the tracker, or even remotely disable vehicles.

Security 127
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Atlassian patched a critical Confluence vulnerability

Security Affairs

Atlassian released security updates to address a critical security vulnerability affecting Confluence Server and Confluence Data Center. Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center tracked as CVE-2022-26138. A remote, unauthenticated attacker can exploit the vulnerability to log into unpatched servers.

Passwords 136
article thumbnail

Lilith: The Latest Threat in Ransomware

eSecurity Planet

Discovered by malware hunter JAMESWT on Twitter, Lilith is ransomware designed to lock Windows machines. The malware exfiltrates data before encrypting the targeted devices to provide additional means of extortion. The ransom note contains the following ultimatum and instructions: Victims have three days to contact the threat actors on a hidden Onion website to pay the ransom.

article thumbnail

Proof of Concept: A New Era for Digital Identity?

Data Breach Today

Also: CISA's 18% Budget Increase; Software Bill of Materials Challenges Venable's Grant Schneider and Jeremy Grant and ISMG editors discuss progress at the U.S. federal level in developing legislation for digital identity, the significance of an 18% increase in funding for CISA in fiscal year 2023 and the challenges of expanding the use of software bills of materials.

262
262
article thumbnail

FBI Warns of Phony Cryptocurrency Investment Apps

KnowBe4

Cryptocurrency investors have lost nearly $43 million to fraudulent cryptocurrency investment apps, according to the US Federal Bureau of Investigation (FBI).

119
119
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Crooks create rogue cryptocurrency-themed apps to steal crypto assets from users

Security Affairs

The U.S. FBI has warned of crooks developing malicious cryptocurrency-themed apps to steal crypto assets from the users. The U.S. Federal Bureau of Investigation (FBI) has warned of crooks creating malicious cryptocurrency-themed apps to steal crypto assets from investors. Crooks contact US investors claiming to offer legitimate cryptocurrency investment services, and attempt to trick them into downloading fraudulent mobile apps that they have created.

article thumbnail

Weekly Update 305

Troy Hunt

I broke Yoda's stick! 3D printing woes, and somehow I managed to get through the explanation without reverting to a chorus of My Stick by a Bad Lip Reading (and now you'd got that song stuck in your head). Loads of data breaches this week and whilst "legacy", still managed to demonstrate how bad some practices remain today (hi Shadi.com 👋).

article thumbnail

BlackCat Adds Brute Ratel Pentest Tool to Attack Arsenal

Data Breach Today

Gang Targets Large Corporations Across the U.S., Europe and Asia The cybercriminals behind BlackCat ransomware have upgraded their arsenal by adding Brute Ratel, a pentesting tool with remote access features that are used by attackers. The group targets large corporations in different industry segments across the U.S., Europe and Asia.

article thumbnail

Striving for 100% Completion Rates: Getting Compliance on Your Compliance Training

KnowBe4

At the last few conferences I have attended and spoken at, including our own KB4-CON 2022, I noticed a question that many people have struggled with for years rearing its ugly head again.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

A massive cyberattack hit Albania

Security Affairs

A synchronized criminal attack from abroad hit Albania over the weekend, all Albanian government systems shut down following the cyberattack. Albania was hit by a massive cyberattack over the weekend, the government confirmed on Monday. A synchronized criminal attack from abroad hit the servers of the National Agency for Information Society (AKSHI), which handles many government services. “In order to withstand these unprecedented and dangerous strikes, we have been forced to close down go

article thumbnail

Russia Creates Malware False-Flag App

Schneier on Security

The Russian hacking group Turla released an Android app that seems to aid Ukrainian hackers in their attacks against Russian networks. It’s actually malware, and provides information back to the Russians: The hackers pretended to be a “community of free people around the world who are fighting russia’s aggression”—much like the IT Army.

IT 115
article thumbnail

Romanian Who Allegedly Sold Malware Hosting Extradited to US

Data Breach Today

Mihai Paunescu, aka Virus, Faces 3 Criminal Counts in Court The DOJ extradited from Colombia 37-year-old Mihai Ionut Paunescu, who faces criminal charges for allegedly running a "bulletproof" hosting service that helped cybercriminals launch malware attacks. He is set to undergo trial for conspiracy to commit computer intrusion, bank fraud and wire fraud.

246
246