WIRED Threat Level

NOVEMBER 26, 2022

Plus: WikiLeaks’ website is falling apart, tax websites are sending your data to Facebook, and cops take down a big phone-number-spoofing operation.

Privacy 81

Privacy Security 81

IG Guru

NOVEMBER 30, 2022

Check out the article here.

Information governance 75

Information governance Risk Compliance Government 75

IT Governance

DECEMBER 1, 2022

Welcome to our November 2022 review of data breaches and cyber attacks. We identified 95 security incidents throughout the month, accounting for 32,051,144 breached records. Almost half of that figure comes from two incidents. The first was a data breach at Twitter, in the latest PR disaster for the social media giant. Reports emerged late last week that user records were stolen using an API vulnerability that has since been fixed.

Data breaches 112

Data breaches Ransomware Personal data Insurance 112

Krebs on Security

NOVEMBER 28, 2022

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh , which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan , malware designed to surreptitiously intercept and forward text messages from Android mob

Government 259

Government Risk IT Marketing 259

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Data Breach Today

NOVEMBER 29, 2022

Firms Fear that Involving Police in Response Will Have Regulatory Consequences U.K. businesses shy from involving police in cyber incident response for fear of regulatory consequences, lawmakers sitting on Parliament's Joint Committee on National Security Strategy heard. Allowing businesses to anonymously disclose incidents would result in more data, suggested a witness.

Security 262

Security 262

Data Breach Today

NOVEMBER 28, 2022

But Information Compiled by Other Attackers May Involve Millions of Other Accounts Information amassed on 5.4 million Twitter users by an attacker who abused one of the social network's APIs has been dumped online for free. While Twitter confirmed that breach, a researcher suggests other attackers also abused the feature to amass information for millions of other users.

239

239

Krebs on Security

DECEMBER 1, 2022

ConnectWise , which offers a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just weeks after the company quietly patched a vulnerability that makes it easier for phishers to launch these attacks.

Phishing 267

Phishing Passwords Access Cloud 267

Dark Reading

NOVEMBER 30, 2022

The simplicity and profitability of these attacks continue to appeal to threat actors a decade later.

92

92

Security Affairs

NOVEMBER 29, 2022

In today’s technological world, educating people about cybersecurity awareness is an absolute necessity. According to one report , 82% of data breaches involved the human element, from social attacks to misuse of technologies. These errors are not always entirely preventable, as some level of human error is inevitable, but proper training in cybersecurity awareness can greatly decrease the likelihood of human mistakes leading to data breaches.

Cybersecurity 100

Cybersecurity Data breaches Education Security 100

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Data Breach Today

DECEMBER 2, 2022

Some Customers at Risk of Identity Theft, South Staffordshire Water Belatedly Warns Is a four-month delay between learning your systems were breached and notifying affected customers acceptable? After spotting an attack in August, private utility South Staffordshire Water in England is only beginning to alert customers that they're at risk of identity theft.

Risk 324

Risk 324

The Last Watchdog

NOVEMBER 27, 2022

Government assistance can be essential to individual wellbeing and economic stability. This was clear during the COVID-19 pandemic, when governments issued trillions of dollars in economic relief. Related: Fido champions passwordless authentication. Applying for benefits can be arduous, not least because agencies need to validate applicant identity and personal identifiable information (PII).

Government 211

Government Blockchain Access Insurance 211

eSecurity Planet

DECEMBER 1, 2022

The Wiz Research Team recently discovered a supply chain vulnerability in IBM Cloud that they say is the first to impact a cloud provider’s infrastructure. In a dramatic flair, they named the flaw Hell’s Keychain. The security issues were reported to IBM Cloud in late August, and were patched in early September. Before it was patched, an attacker with knowledge of the vulnerability could run malicious code and modify data being stored by any IBM Cloud customer using PostgreSQL.

Cloud 135

Cloud Access Security Passwords 135

Security Affairs

DECEMBER 2, 2022

Qualys researchers demonstrated how to chain a new Linux flaw with two other two issues to gain full root privileges on an impacted system. Researchers at the Qualys’ Threat Research Unit demonstrated how to chain a new Linux vulnerability, tracked as CVE-2022-3328 , with two other flaws to gain full root privileges on an affected system. The vulnerability resides in the snap-confine function on Linux operating systems, a SUID-root program installed by default on Ubuntu.

Access 145

Access Security IT Information Security 145

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Data Breach Today

DECEMBER 1, 2022

Australian Information Commissioner Will Investigate Insurer's Security Practices The Russia-based ransomware gang behind the hack of Australia's largest private health insurer says it posted a full set of stolen data. The Australian Information Commissioner said it will probe the insurer's personal information handling practices.

Insurance 289

Insurance Ransomware Security IT 289

Hunton Privacy

NOVEMBER 30, 2022

On November 15, 2022, the Italian Supreme Court held that an Italian court or competent data protection authority has jurisdiction to issue a global delisting order. A delisting order requires a search engine to remove certain search results about individuals if the data subject’s privacy interests prevail over the general right to expression and information, and the economic interest of the search engine.

GDPR 133

GDPR Personal data Privacy IT 133

WIRED Threat Level

NOVEMBER 28, 2022

Google provided investigators with location data for more than 5,000 devices as part of the federal investigation into the attack on the US Capitol.

Security 145

Security 145

Security Affairs

DECEMBER 1, 2022

Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. Threat actors are exploiting a critical vulnerability, tracked as CVE-2022-0543 , in Redis (Remote Dictionary Server) servers.

Libraries 145

Libraries Honeypots Communications Cybersecurity 145

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Data Breach Today

DECEMBER 1, 2022

Feds Warn Impermissible Disclosures of Patient Health Data is Prohibited Federal regulators issued a warning to healthcare entities and their tech vendors that the use of tracking code embedded in patient portals that transmits patient information to third-parties could be a violation of HIPAA, and punishable with monetary fines.

292

292

eSecurity Planet

NOVEMBER 29, 2022

Group-IB cybersecurity researchers recently identified several Russian-speaking cybercrime groups offering infostealing malware-as-a-service (MaaS), resulting in the theft of more than 50 million passwords thus far. The cybercrime groups are using Raccoon and Redline malware to steal login credentials for Steam, Roblox, Amazon and PayPal, as well as payment records and crypto wallet information.

Passwords 127

Passwords Phishing Mining Marketing 127

KnowBe4

NOVEMBER 30, 2022

Every holiday season brings on an increase in gift card scams. Most people love to buy and use gift cards. They are convenient, easy to buy, easy to use, easy to gift, usually allow the receiver to pick just what they want, and are often received as a reward for doing something. The gift card market is estimated in the many hundreds of BILLIONS of dollars.

Marketing 127

Marketing 127

Security Affairs

NOVEMBER 28, 2022

Amazon Web Services (AWS) fixed a cross-tenant vulnerability that could have allowed attackers to gain unauthorized access to resources. Amazon Web Services (AWS) has addressed a cross-tenant confused deputy problem in its platform that could have allowed threat actors to gain unauthorized access to resources. The problem was reported to the company by researchers from Datadog on September 1, 2022, and the bug was solved on September 6.

Access 145

Access Security IT Information Security 145

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Data Breach Today

NOVEMBER 30, 2022

One Brooklyn Health Systems Three Hospitals Systems Affected by Nov. 19 Hack As three Brooklyn safety net hospitals grapple with the aftershocks of a Nov. 19 cyber incident, sources say other area hospitals are complaining about a lack of transparency. One Brooklyn Health System has been tight-lipped about the cause of the outage, which is suspected to involve ransomware.

Ransomware 232

Ransomware 232

eSecurity Planet

DECEMBER 2, 2022

A user calls into the helpdesk reporting that their system is down. Upon investigation, you discover it’s ransomware. Servers are encrypted with “ locked” file extensions on files. Ransom notes are on the desktops. No problem, just restore, right? You have the disaster recovery (DR) site, backups, and storage area network (SAN) snapshots.

Ransomware 113

Ransomware Encryption Passwords Authentication 113

Dark Reading

DECEMBER 1, 2022

The threat actor behind an August intrusion used data from that incident to access customer data stored with a third-party cloud service provider, and affiliate GoTo reports breach of development environment.

Cloud 109

Cloud Access 109

Security Affairs

DECEMBER 2, 2022

Experts found multiple flaws in three Android Keyboard apps that can be exploited by remote attackers to compromise a mobile phone. Researchers at the Synopsys Cybersecurity Research Center (CyRC) warn of three Android keyboard apps with cumulatively two million installs that are affected by multiple flaws ( CVE-2022-45477, CVE-2022-45478, CVE-2022-45479, CVE-2022-45480, CVE-2022-45481, CVE-2022-45482, CVE-2022-45483 ) that can be exploited by attackers to compromise a mobile phone.

Authentication 144

Authentication Passwords Communications Cybersecurity 144

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Data Breach Today

NOVEMBER 28, 2022

Fine Tied to Data Scrapping Incident Revealed in 2021 Facebook will pay a 265 million euro fine to the Irish data protection authority to resolve a 2021 incident when the scrapped data of 533 million users appeared online. The data contained names, phone numbers and birth dates. Facebook says it takes active measures against data scrapping.

GDPR 223

GDPR Privacy IT 223

eSecurity Planet

NOVEMBER 29, 2022

In a recent study of 1,237 Chrome extensions with a minimum of 1,000 downloads, Incogni researchers found that nearly half ask for permissions that could potentially expose personally identifiable information (PII), distribute adware and malware , or even log everything users do online, including accessing passwords and financial data. Almost half (48.66 percent) of all Chrome extensions have a High or Very High risk impact due to permissions required at installation, according to Incogni, and o

Risk 113

Risk Passwords Data collection Access 113

Schneier on Security

DECEMBER 2, 2022

We know that complexity is the worst enemy of security, because it makes attack easier and defense harder. This becomes catastrophic as the effects of that attack become greater. In A Hacker’s Mind (coming in February 2023), I write: Our societal systems, in general, may have grown fairer and more just over the centuries, but progress isn’t linear or equitable.

Risk 108

Risk IT Security 108