Sat.Jul 30, 2022 - Fri.Aug 05, 2022

article thumbnail

Tracking Ransomware: Here's Everything We Still Don’t Know

Data Breach Today

Known Unknowns Include Count of Victims and Ransoms Paid, Criminal Profits and More How many organizations fall victim to a ransomware outbreak? How many victims pay a ransom? How many victims see stolen data get leaked? A new study from the EU's cybersecurity agency ENISA offers answers, but carries major caveats due to rampant underreporting of such attacks.

article thumbnail

You Need a Password Manager. Here Are the Best Ones

WIRED Threat Level

Keep your logins locked down with our favorite apps for PC, Mac, Android, iPhone, and web browsers.

Passwords 145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Zero-Day Defense: Tips for Defusing the Threat

Dark Reading

Because they leave so little time to patch and defuse, zero-day threats require a proactive, multilayered approach based on zero trust.

110
110
article thumbnail

Scammers Sent Uber to Take Elderly Lady to the Bank

Krebs on Security

Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters. In this case, the woman figured out she was being scammed before embarking for the bank, but her story is a chilling reminder of how far crooks will go these days to rip people off.

Passwords 306
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Hackers Steal $8M in Ongoing Attack on Solana Hot Wallets

Data Breach Today

Cause of Attack Is Unknown, Moving Funds to Cold Wallets Recommended Hackers are using an unknown exploit to draw down internet-connected wallets on the Solana blockchain. So far, thieves have made off with about $8 million worth of cryptocurrency, predominantly from mobile wallet users of Phantom and Slope. Solana is working to identify the root cause.

More Trending

article thumbnail

Sending Spammers to Password Purgatory with Microsoft Power Automate and Cloudflare Workers KV

Troy Hunt

How best to punish spammers? I give this topic a lot of thought because I spend a lot of time sifting through the endless rubbish they send me. And that's when it dawned on me: the punishment should fit the crime - robbing me of my time - which means that I, in turn, need to rob them of their time. With the smallest possible overhead on my time, of course.

Passwords 145
article thumbnail

No SOCKS, No Shoes, No Malware Proxy Services!

Krebs on Security

With the recent demise of several popular “proxy” services that let cybercriminals route their malicious traffic through hacked PCs, there is now something of a supply chain crisis gripping the underbelly of the Internet. Compounding the problem, several remaining malware-based proxy services have chosen to block new registrations to avoid swamping their networks with a sudden influx of customers.

Sales 281
article thumbnail

Big Clinic Breach Tied to Vendor's 2021 Ransomware Attack

Data Breach Today

Florida Urgent Care Center Says Incident Involved Billing Vendor PracticeMax A Florida operator of urgent care clinics recently reported to federal regulators a health data breach affecting more than 258,000 individuals tied to a vendor's ransomware attack in May 2021. Why did it take so long to determine that the incident resulted in breach of protected health information?

article thumbnail

A flaw in Dahua IP Cameras allows full take over of the devices

Security Affairs

A vulnerability, tracked as CVE-2022-30563, impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The CVE-2022-30563 vulnerability impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The issue affects Dahua’s implementation of the Open Network Video Interface Forum ( ONVIF ). ONVIF provides and promotes standardized interfaces for effective interoperability of IP-based physical security products.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

New Linux Malware Surges, Surpassing Android

eSecurity Planet

Linux malware is skyrocketing and now surpasses both macOS and Android, according to a new report, suggesting that cybercriminals are increasingly targeting the open source operating system. The Atlas VPN report said the number of new Linux malware samples collected soared by 646% from the first half of 2021 to the first half of 2022, from 226,334 samples to nearly 1.7 million.

article thumbnail

Surveillance of Your Car

Schneier on Security

TheMarkup has an extensive analysis of connected vehicle data and the companies that are collecting it. The Markup has identified 37 companies that are part of the rapidly growing connected vehicle data industry that seeks to monetize such data in an environment with few regulations governing its sale or use. While many of these companies stress they are using aggregated or anonymized data, the unique nature of location and movement data increases the potential for violations of user privacy.

Sales 128
article thumbnail

Check Point Execs: Supply Chain Woes Will Persist Into 2023

Data Breach Today

Check Point Beats Q2 Earnings Forecast Despite Spike in Materials, Shipping Costs Continued supply chain costs dampened an otherwise positive Q2 earnings report for Check Point. The company is spending historic mounts on buying raw materials on the open market and shipping those materials to the production line – an expense issue expected to stretch into 2023.

Marketing 319
article thumbnail

New Linux botnet RapperBot brute-forces SSH servers

Security Affairs

RapperBot is a new botnet employed in attacks since mid-June 2022 that targets Linux SSH servers with brute-force attacks. Researchers from FortiGuard Labs have discovered a new IoT botnet tracked as RapperBot which is active since mid-June 2022. The bot borrows a large portion of its code from the original Mirai botnet, but unlike other IoT malware families, it implements a built-in capability to brute force credentials and gain access to SSH servers instead of Telnet as implemented in Mirai.

IoT 143
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Best Encryption Software for 2022

eSecurity Planet

It’s been a couple of decades since data tapes delivered by trucks made encryption a standard enterprise cybersecurity practice. Yet even as technology has changed, sending and receiving data remains a major vulnerability, ensuring encryption’s place as a foundational security practice. Attackers can intercept data transfers, and from there gain access to all manner of sensitive data.

article thumbnail

Ring Gives Videos to Police without a Warrant or User Consent

Schneier on Security

Amazon has revealed that it gives police videos from its Ring doorbells without a warrant and without user consent. Ring recently revealed how often the answer to that question has been yes. The Amazon company responded to an inquiry from US Senator Ed Markey (D-Mass.), confirming that there have been 11 cases in 2022 where Ring complied with police “emergency” requests.

Access 126
article thumbnail

Okta's Marc Rogers on Why Beating Ransomware Is a Team Sport

Data Breach Today

Increased collaboration between the public and private sectors hasn't slowed the increased frequency and ease of ransomware intrusions, but efforts to change the financial incentives of ransomware are having "a pretty good effect," says Marc Rogers, vice president of cybersecurity strategy at Okta.

article thumbnail

Mysterious threat actor TAC-040 used previously undetected Ljl Backdoor

Security Affairs

A threat actor, tracked as TAC-040, exploited Atlassian Confluence flaw CVE-2022-26134 to deploy previously undetected Ljl Backdoor. Cybersecurity firm Deepwatch reported that a threat actor, tracked as TAC-040, has likely exploited the CVE-2022-26134 flaw in Atlassian Confluence servers to deploy a previously undetected backdoor dubbed Ljl Backdoor.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

High-Severity Bug in Kaspersky VPN Client Opens Door to PC Takeover

Dark Reading

The CVE-2022-27535 local privilege-escalation security vulnerability in the security software threatens remote and work-from-home users.

Security 145
article thumbnail

TSA Transitions To Results-Based Approach in Revised Pipeline Cybersecurity Directive In Response to Industry Feedback

Data Protection Report

The Transportation Security Administration (“TSA”) announced on July 21, 2022 that it is transitioning to a less prescriptive and more result-based approach in its revised emergency cybersecurity directive for critical gas and liquid pipeline companies. The Security Directive Pipeline-2021-02C (“ SD02C ”), effective July 27, 2022, represents a significant departure from the highly prescriptive requirements set forth in its predecessor directives (SD 2021-02A and SD 2021-02B) issued by the TSA l

article thumbnail

Fortinet Looks to Address Rising Costs with Price Increases

Data Breach Today

Fortinet Says Price Hikes Have More Than Offset Supply Chain and Geopolitical Issues Fortinet has raised prices on products and services to address macroeconomic challenges including shipping delays, longer activation timelines, and the suspension of sales in Russia. The company says price hikes have more than offset supply chain and geopolitical headwinds in recent months.

Sales 297
article thumbnail

Cisco addressed critical flaws in Small Business VPN routers

Security Affairs

Cisco fixes critical remote code execution vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. Cisco addressed a critical security vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. The flaw resides in the web-based management interface of several Small Business VPN routers, including Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers.

Security 138
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Chromium Browsers Allow Data Exfiltration via Bookmark Syncing

Dark Reading

"Bruggling" emerges as a novel technique for pilfering data out from a compromised environment — or for sneaking in malicious code and attack tools.

134
134
article thumbnail

Cobalt Strike Inspires Next-generation Crimeware

eSecurity Planet

Cobalt Strike is a legitimate vulnerability scanning and pentesting tool that has long been a favorite tool of hackers , and it’s even been adapted by hackers for Linux environments. And now it’s inspiring imitators. Cisco Talos researchers have disclosed a new toolset used in the wild by threat actors as an alternative to Cobalt Strike or Silver.

article thumbnail

Weary Cybercriminals Turn to Cryptojacking Banks: Report

Data Breach Today

Crackdown on Ransomware has Operators Seeking Alternatives Hackers are turning to cryptojacking to make easy money despite the fall in cryptocurrency valuation, including ransomware cybercriminals attracted by the lower stakes world of cryptojacking, says threat intelligence firm SonicWall. The financial industry has seen a surge in cryptojacking attacks.

article thumbnail

CISA adds Zimbra email bug to Known Exploited Vulnerabilities Catalog

Security Affairs

US Critical Infrastructure Security Agency (CISA) adds a recently disclosed flaw in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added a recently disclosed flaw in the Zimbra email suite, tracked as CVE-2022-27924 , to its Known Exploited Vulnerabilities Catalog.

Passwords 138
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

SIKE Broken

Schneier on Security

SIKE is one of the new algorithms that NIST recently added to the post-quantum cryptography competition. It was just broken , really badly. We present an efficient key recovery attack on the Supersingular Isogeny Diffie­-Hellman protocol (SIDH), based on a “glue-and-split” theorem due to Kani. Our attack exploits the existence of a small non-scalar endomorphism on the starting curve, and it also relies on the auxiliary torsion point information that Alice and Bob share during the pro

Security 116
article thumbnail

Hackers Find Alternatives to Microsoft Office Macros

eSecurity Planet

Hackers have been exploiting macros in Microsoft Office products for years, but now their tactics are changing as Microsoft has begun blocking macros by default. The typical attack scenario involves phishing via email attachments, such as Word, Excel or PowerPoint documents containing malicious macros infected with malware. Such documents are common in enterprises, and the Microsoft Office suite is widely used.

Phishing 117
article thumbnail

US Extradites Russian Accused of Crypto Laundering

Data Breach Today

Alexander Vinnik Makes First Apperance in US Federal Court Accused cryptocurrency money launder Alexander Vinnik made his first appearance in U.S. federal court today. The Russian national faces 55 years imprisonment for his alleged involvement in laundering hacking proceeds through bitcoin on the BTC-e cryptocurrency exchange.

278
278