Sat.Oct 15, 2022 - Fri.Oct 21, 2022

article thumbnail

Police in Europe Arrest 31 for Hacking and Stealing Autos

Data Breach Today

Keyless Auto Theft Mounting Threat for Car Owners A European ring of auto thieves used software branded as a diagnostic tool to make fobless thefts of cars made by two French manufacturers. It looks like the thieves found a vulnerability in the electronic control unit governing the authorization of new key fobs.

article thumbnail

Experts spotted a new undetectable PowerShell Backdoor posing as a Windows update

Security Affairs

Cybersecurity researchers warn of a new PowerShell backdoor that disguises itself as part of the Windows update process to avoid detection. Cybersecurity researchers from SafeBreach a warning of a new PowerShell backdoor masqueraded as a Windows update process to avoid detection. The backdoor spreads via weaponized Word documents (“ Apply Form.docm.”) posing as a LinkedIn-based job application.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Emotional Toll From Cyberattacks Can Linger Among Staff for Years

Dark Reading

Research shows 1 in 7 employees involved in a cyberattack exhibits clinical trauma symptoms months after the incident.

108
108
article thumbnail

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Krebs on Security

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed. A similarly dramatic drop in the number of LinkedIn profiles claiming employment at Amazon comes as LinkedIn is struggling to combat a significant uptick in the creation of fake employee accounts that pair AI-generated profile photos with text lifted from legitimate users.

IT 315
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Mango Markets Set to Pay $47M Bug Bounty to Hacker

Data Breach Today

96% of Voting Tokens favor Deal; Mango Markets Will Not Pursue Criminal Charges Decentralized finance exchange Mango Markets is set to pay $47 million as bug bounty to the hacker who stole $117 million in digital assets on Wednesday. Mango Markets is a trading platform riding on the Solana blockchain.

Marketing 358

More Trending

article thumbnail

Palo Alto Networks fixed a high-severity auth bypass flaw in PAN-OS

Security Affairs

Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 software. Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 software. “An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to imper

article thumbnail

How Card Skimming Disproportionally Affects Those Most In Need

Krebs on Security

When people banking in the United States lose money because their payment card got skimmed at an ATM , gas pump or grocery store checkout terminal , they may face hassles or delays in recovering any lost funds, but they are almost always made whole by their financial institution. Yet, one class of Americans — those receiving food assistance benefits via state-issued prepaid debit cards — are particularly exposed to losses from skimming scams, and usually have little recourse to do an

Retail 276
article thumbnail

Proof of Concept: California's First Consumer Privacy Fine

Data Breach Today

Also: Defending Against New Ransomware Tactics; Mitigating Impact of Zelle Scams In the latest "Proof of Concept," Lisa Sotto of Hunton Andrews Kurth LLP and former CISO David Pollino join ISMG editors discuss the first California consumer protection fine issued against retailer Sephora, defending against new ransomware tactics, and mitigating the impact of Zelle scams.

Retail 327
article thumbnail

GUEST ESSAY: A breakout of how Google, Facebook, Instagram enable third-party snooping

The Last Watchdog

More and more consumers are using apps every year. In fact, Google Play users downloaded 111.3 billion apps in 2021 alone, up more than 47 percent since 2018. Related: Microsoft CEO calls for regulating facial recognition. This increased demand for apps also raises the need for improved data protection measures, which Google took steps to address with the new data safety section they launched in July 2022.

Privacy 192
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Over 17000 Fortinet devices exposed online are very likely vulnerable to CVE-2022-40684

Security Affairs

Fortinet confirmed that many systems are still vulnerable to attacks exploiting the CVE-2022-40684 zero-day vulnerability. Fortinet is urging customers to address the recently discovered CVE-2022-40684 zero-day vulnerability. Unfortunately, the number of devices that have yet to be patched is still high. “After multiple notifications from Fortinet over the past week, there are still a significant number of devices that require mitigation, and following the publication by an outside party o

article thumbnail

Anti-Money Laundering Service AMLBot Cleans House

Krebs on Security

AMLBot , a service that helps businesses avoid transacting with cryptocurrency wallets that have been sanctioned for cybercrime activity, said an investigation published by KrebsOnSecurity last year helped it shut down three dark web services that secretly resold its technology to help cybercrooks avoid detection by anti-money laundering systems. Antinalysis, as it existed in 2021.

article thumbnail

After the Sullivan Verdict: A CISO's Guide to Avoiding Jail

Data Breach Today

Guilty Verdict for Breach Cover-Up a Reminder to Maintain Playbooks, Legal Cover In the wake of former Uber CSO Joe Sullivan being found guilty of a criminal data breach cover-up, legal experts say CISOs shouldn't be running scare, but should ensure they have well-defined incident response playbooks and remember to always clearly document what they're doing and why.

article thumbnail

Qatar Spyware

Schneier on Security

Everyone visiting Qatar for the World Cup needs to install spyware on their phone. Everyone travelling to Qatar during the football World Cup will be asked to download two apps called Ehteraz and Hayya. Briefly, Ehteraz is an covid-19 tracking app, while Hayya is an official World Cup app used to keep track of match tickets and to access the free Metro in Qatar.

Access 141
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Indian power generation giant Tata Power hit by a cyber attack

Security Affairs

Tata Power Company Limited, India’s largest power generation company, announced it was hit by a cyberattack. Tata Power on Friday announced that was hit by a cyber attack. Threat actors hit the Information Technology (IT) infrastructure of the company. The company confirmed that the security breach impacted “some of its IT systems.” “The Tata Power Company Limited had a cyber attack on its IT infrastructure impacting some of its IT systems.

Access 144
article thumbnail

How to Decrypt Ransomware Files – And What to Do When That Fails

eSecurity Planet

For any organization struck by ransomware , business leaders always ask “how do we decrypt the data ASAP, so we can get back in business?”. The good news is that ransomware files can be decrypted. The bad news is it doesn’t work most of the time: Paid ransom decryption tools and keys don’t always work. Free decryption tools don’t always work. Paid decryption tools don’t always work.

article thumbnail

Hackers Threaten to Sell Stolen Medibank Data, Seek Ransom

Data Breach Today

Australian Insurance Firm 'Working Urgently' to Verify Theft Claim Australian health insurer Medibank says it received a ransomware demand from hackers asserting to have stolen data during a cybersecurity incident the company detected on Oct. 12. "Based on our ongoing forensic investigation we are treating the matter seriously at this time," the company says.

Insurance 319
article thumbnail

Hacking Automobile Keyless Entry Systems

Schneier on Security

Suspected members of a European car-theft ring have been arrested : The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away. As a result of a coordinated action carried out on 10 October in the three countries involved, 31 suspects were arrested. A total of 22 locations were searched, and over EUR 1 098 500 in criminal assets seized.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Japanese tech firm Oomiya hit by LockBit 3.0. Multiple supply chains potentially impacted

Security Affairs

The IT infrastructure of the Japanese tech company Oomiya was infected with the LockBit 3.0 ransomware. One of the affiliates for the LockBit 3.0 RaaS hit the Japanese tech company Oomiya. Oomiya is focused on designing and manufacturing microelectronics and facility system equipment. The business of Omiya Kasei is divided into four major areas, manufacturing and designing chemical and industrial products, designing electronic materials, pharmaceutical development, and factory manufacturing.

article thumbnail

The proposed EU Cyber Resilience Act: what it is and how it may impact the supply chain

Data Protection Report

On 15 September 2022, the European Commission published its proposal for a new Regulation which sets out cybersecurity related requirements for products with “digital elements”, known as the proposed Cyber Resilience Act (the CRA ). . The CRA introduces common cybersecurity rules for manufacturers, developers and distributors of products with digital elements, covering both hardware and software.

article thumbnail

New Data Leaks Add to Australia's Data Security Reckoning

Data Breach Today

MyDeal Data Appears Online, Vinomofo Discloses Breach, Optus Fallout Continues Personal data from MyDeal, a marketplace owned by Australia's Woolworths Group grocery chain, has appeared for sale on a data leak forum. It comes as wine retailer Vinomofo disclosed a breach and as the Optus telecommunications breach continues to fuel data security concerns in Australia.

Retail 305
article thumbnail

Are You a CISO Building Your Risk Register for 2023? Read This First

Dark Reading

Achieving basic IT hygiene is 99% of the game.

Risk 131
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

New UEFI rootkit Black Lotus offered for sale at $5,000

Security Affairs

Black Lotus is a new, powerful Windows UEFI rootkit advertised on underground criminal forums, researcher warns. Cybersecurity researcher Scott Scheferman reported that a new Windows UEFI rootkit, dubbed Black Lotus, is advertised on underground criminal forums. The powerful malware is offered for sale at $5,000, with $200 payments per new updates. The researcher warns that the availability of this rootkit in the threat landscape represents a serious threat for organizations due to its evasion a

Sales 144
article thumbnail

Cloud Security: The Shared Responsibility Model

eSecurity Planet

Cloud security builds off of the same IT infrastructure and security stack principles of a local data center. However, a cloud vendor offering provides a pre-packaged solution that absorbs some operational and security responsibilities from the customer. Exactly which responsibilities the cloud vendor absorbs depends upon the type of solution. While cloud security offerings provide a wide spectrum of choices, there are three generalized situations to compare against on-premises data centers: inf

Cloud 128
article thumbnail

Why Are We So Stupid About Passwords? SSH and RDP Edition

Data Breach Today

Poor Credential Hygiene Leaves Remote Services at Risk of Brute Force Attacks If remote access to corporate networks is only as secure as the weakest link, only some dreadfully weak passwords now stand between hackers and many organizations' most sensitive data, according to new research from Rapid7 into the two most widely used remote access protocols - SSH and RDP.

Passwords 274
article thumbnail

Interview with Signal’s New President

Schneier on Security

Long and interesting interview with Signal’s new president, Meredith Whittaker: WhatsApp uses the Signal encryption protocol to provide encryption for its messages. That was absolutely a visionary choice that Brian and his team led back in the day ­- and big props to them for doing that. But you can’t just look at that and then stop at message protection.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Bulgaria hit by a cyber attack originating from Russia

Security Affairs

Government institutions in Bulgaria have been hit by a cyber attack during the weekend, experts believe it was launched by Russian threat actors. The infrastructure of government institutions in Bulgaria has been hit by a massive DDoS attack. The attack started on Saturday and experts believe that it was orchestrated by Russian threat actors. ??????????

article thumbnail

New Phishing Attack Attempts to Steal Social Security Numbers

KnowBe4

A phishing campaign is impersonating the US Social Security Administration (SSA) in an attempt to steal Social Security numbers, according to researchers at INKY.

Phishing 126
article thumbnail

Australian Insurer Medibank Says Incident Was Ransomware

Data Breach Today

Apparent Spate of Australian Data Breaches Continues Australian health insurer Medibank told investors it stopped a probable ransomware attack before the attack could steal data or maliciously encrypt its systems. Australia has been undergoing an apparent spate of data breaches that continues with a breach of email addresses at e-commerce site MyDeal.

Insurance 246