Sat.Nov 26, 2022 - Fri.Dec 02, 2022

article thumbnail

Apple Tracks You More Than You Think

WIRED Threat Level

Plus: WikiLeaks’ website is falling apart, tax websites are sending your data to Facebook, and cops take down a big phone-number-spoofing operation.

Privacy 97
article thumbnail

Tax filing websites have been sending users’ financial information to Facebook via The Verge

IG Guru

Check out the article here.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

List of Data Breaches and Cyber Attacks in November 2022 – 32 Million Records Breached

IT Governance

Welcome to our November 2022 review of data breaches and cyber attacks. We identified 95 security incidents throughout the month, accounting for 32,051,144 breached records. Almost half of that figure comes from two incidents. The first was a data breach at Twitter, in the latest PR disaster for the social media giant. Reports emerged late last week that user records were stolen using an API vulnerability that has since been fixed.

article thumbnail

U.S. Govt. Apps Bundled Russian Code With Ties to Mobile Malware Developer

Krebs on Security

A recent scoop by Reuters revealed that mobile apps for the U.S. Army and the Centers for Disease Control and Prevention (CDC) were integrating software that sends visitor data to a Russian company called Pushwoosh , which claims to be based in the United States. But that story omitted an important historical detail about Pushwoosh: In 2013, one of its developers admitted to authoring the Pincer Trojan , malware designed to surreptitiously intercept and forward text messages from Android mob

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

UK Companies Fear Reporting Cyber Incidents, Parliament Told

Data Breach Today

Firms Fear that Involving Police in Response Will Have Regulatory Consequences U.K. businesses shy from involving police in cyber incident response for fear of regulatory consequences, lawmakers sitting on Parliament's Joint Committee on National Security Strategy heard. Allowing businesses to anonymously disclose incidents would result in more data, suggested a witness.

Security 264

More Trending

article thumbnail

Cybercrime Forum Dumps Stolen Details on 5.4M Twitter Users

Data Breach Today

But Information Compiled by Other Attackers May Involve Millions of Other Accounts Information amassed on 5.4 million Twitter users by an attacker who abused one of the social network's APIs has been dumped online for free. While Twitter confirmed that breach, a researcher suggests other attackers also abused the feature to amass information for millions of other users.

254
254
article thumbnail

ConnectWise Quietly Patches Flaw That Helps Phishers

Krebs on Security

ConnectWise , which offers a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. The warning comes just weeks after the company quietly patched a vulnerability that makes it easier for phishers to launch these attacks.

Phishing 284
article thumbnail

The Evolution of Business Email Compromise

Dark Reading

The simplicity and profitability of these attacks continue to appeal to threat actors a decade later.

92
article thumbnail

Tips for Gamifying Your Cybersecurity Awareness Training Program

Security Affairs

In today’s technological world, educating people about cybersecurity awareness is an absolute necessity. According to one report , 82% of data breaches involved the human element, from social attacks to misuse of technologies. These errors are not always entirely preventable, as some level of human error is inevitable, but proper training in cybersecurity awareness can greatly decrease the likelihood of human mistakes leading to data breaches.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

No Pressure: Water Utility Drips Alert 4 Months After Breach

Data Breach Today

Some Customers at Risk of Identity Theft, South Staffordshire Water Belatedly Warns Is a four-month delay between learning your systems were breached and notifying affected customers acceptable? After spotting an attack in August, private utility South Staffordshire Water in England is only beginning to alert customers that they're at risk of identity theft.

Risk 329
article thumbnail

GUEST ESSAY: What ‘self-sovereign-identities’ are all about — and how SSIs can foster public good

The Last Watchdog

Government assistance can be essential to individual wellbeing and economic stability. This was clear during the COVID-19 pandemic, when governments issued trillions of dollars in economic relief. Related: Fido champions passwordless authentication. Applying for benefits can be arduous, not least because agencies need to validate applicant identity and personal identifiable information (PII).

article thumbnail

A Peek Inside the FBI's Unprecedented January 6 Geofence Dragnet

WIRED Threat Level

Google provided investigators with location data for more than 5,000 devices as part of the federal investigation into the attack on the US Capitol.

Security 145
article thumbnail

A new Linux flaw can be chained with other two bugs to gain full root privileges

Security Affairs

Qualys researchers demonstrated how to chain a new Linux flaw with two other two issues to gain full root privileges on an impacted system. Researchers at the Qualys’ Threat Research Unit demonstrated how to chain a new Linux vulnerability, tracked as CVE-2022-3328 , with two other flaws to gain full root privileges on an affected system. The vulnerability resides in the snap-confine function on Linux operating systems, a SUID-root program installed by default on Ubuntu.

Access 145
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

HHS: Web Trackers in Patient Portals Violates HIPAA

Data Breach Today

Feds Warn Impermissible Disclosures of Patient Health Data is Prohibited Federal regulators issued a warning to healthcare entities and their tech vendors that the use of tracking code embedded in patient portals that transmits patient information to third-parties could be a violation of HIPAA, and punishable with monetary fines.

311
311
article thumbnail

Researchers Find Supply Chain Vulnerability in IBM Cloud

eSecurity Planet

The Wiz Research Team recently discovered a supply chain vulnerability in IBM Cloud that they say is the first to impact a cloud provider’s infrastructure. In a dramatic flair, they named the flaw Hell’s Keychain. The security issues were reported to IBM Cloud in late August, and were patched in early September. Before it was patched, an attacker with knowledge of the vulnerability could run malicious code and modify data being stored by any IBM Cloud customer using PostgreSQL.

Cloud 135
article thumbnail

Italian Supreme Court Grants Global Delisting Order Under National Law

Hunton Privacy

On November 15, 2022, the Italian Supreme Court held that an Italian court or competent data protection authority has jurisdiction to issue a global delisting order. A delisting order requires a search engine to remove certain search results about individuals if the data subject’s privacy interests prevail over the general right to expression and information, and the economic interest of the search engine.

GDPR 133
article thumbnail

New Go-based Redigo malware targets Redis servers

Security Affairs

Redigo is a new Go-based malware employed in attacks against Redis servers affected by the CVE-2022-0543 vulnerability. Researchers from security firm AquaSec discovered a new Go-based malware that is used in a campaign targeting Redis servers. Threat actors are exploiting a critical vulnerability, tracked as CVE-2022-0543 , in Redis (Remote Dictionary Server) servers.

Libraries 145
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Medibank Hackers Dump Stolen Data on the Dark Web

Data Breach Today

Australian Information Commissioner Will Investigate Insurer's Security Practices The Russia-based ransomware gang behind the hack of Australia's largest private health insurer says it posted a full set of stolen data. The Australian Information Commissioner said it will probe the insurer's personal information handling practices.

Insurance 290
article thumbnail

Beware of Holiday Gift Card Scams

KnowBe4

Every holiday season brings on an increase in gift card scams. Most people love to buy and use gift cards. They are convenient, easy to buy, easy to use, easy to gift, usually allow the receiver to pick just what they want, and are often received as a reward for doing something. The gift card market is estimated in the many hundreds of BILLIONS of dollars.

Marketing 130
article thumbnail

Russian Infostealer Gangs Steal 50 Million Passwords

eSecurity Planet

Group-IB cybersecurity researchers recently identified several Russian-speaking cybercrime groups offering infostealing malware-as-a-service (MaaS), resulting in the theft of more than 50 million passwords thus far. The cybercrime groups are using Raccoon and Redline malware to steal login credentials for Steam, Roblox, Amazon and PayPal, as well as payment records and crypto wallet information.

Passwords 126
article thumbnail

Android Keyboard Apps with 2 Million downloads can remotely hack your device

Security Affairs

Experts found multiple flaws in three Android Keyboard apps that can be exploited by remote attackers to compromise a mobile phone. Researchers at the Synopsys Cybersecurity Research Center (CyRC) warn of three Android keyboard apps with cumulatively two million installs that are affected by multiple flaws ( CVE-2022-45477, CVE-2022-45478, CVE-2022-45479, CVE-2022-45480, CVE-2022-45481, CVE-2022-45482, CVE-2022-45483 ) that can be exploited by attackers to compromise a mobile phone.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Brooklyn Hospitals Decried for Silence on Cyber Incident

Data Breach Today

One Brooklyn Health Systems Three Hospitals Systems Affected by Nov. 19 Hack As three Brooklyn safety net hospitals grapple with the aftershocks of a Nov. 19 cyber incident, sources say other area hospitals are complaining about a lack of transparency. One Brooklyn Health System has been tight-lipped about the cause of the outage, which is suspected to involve ransomware.

article thumbnail

LastPass Security Breach

Schneier on Security

The company was hacked , and customer information accessed. No passwords were compromised.

Passwords 126
article thumbnail

Users Can Engage with Training Anytime with KnowBe4's Mobile Learner App

KnowBe4

We’re excited to introduce a new way for your users to engage with KnowBe4 security awareness and compliance training anytime and anywhere with the KnowBe4 Learner App. And the best part? It’s available with all training subscription levels at no additional cost !

article thumbnail

Experts found a vulnerability in AWS AppSync

Security Affairs

Amazon Web Services (AWS) fixed a cross-tenant vulnerability that could have allowed attackers to gain unauthorized access to resources. Amazon Web Services (AWS) has addressed a cross-tenant confused deputy problem in its platform that could have allowed threat actors to gain unauthorized access to resources. The problem was reported to the company by researchers from Datadog on September 1, 2022, and the bug was solved on September 6.

Access 145
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Meta Fined by Irish Privacy Regulator for GDPR Violations

Data Breach Today

Fine Tied to Data Scrapping Incident Revealed in 2021 Facebook will pay a 265 million euro fine to the Irish data protection authority to resolve a 2021 incident when the scrapped data of 533 million users appeared online. The data contained names, phone numbers and birth dates. Facebook says it takes active measures against data scrapping.

GDPR 237
article thumbnail

Android Phone Makers’ Encryption Keys Stolen and Used in Malware

WIRED Threat Level

Device manufacturers use “platform certificates” to verify an app’s authenticity, making them particularly dangerous in the wrong hands.

article thumbnail

Ransomware Attacks on Holidays and Weekends Increase and Take a Greater Toll on Organizations

KnowBe4

With 97% of U.S. organizations experiencing a ransomware attack over a weekend or on a holiday, the impacts on response and recovery time are material, including loss of revenue.