Krebs on Security

MAY 16, 2023

A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. U.S. prosecutors say Mikhail Pavolovich Matveev , a.k.a. “ Wazawaka ” and “ Boriselcin ” worked with three different ransomware gangs that extorted hundreds of millions of dollars from companies, schools, hospitals and government agencies.

Ransomware 297

Ransomware Access Marketing Government 297

Krebs on Security

MAY 16, 2023

Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found. In response, the largest online marketplace for items seized in U.S. law enforcement investigations says it now ensures that all phones sold through its platform will be data-wiped prior to auction.

Computer and Electronics 252

Computer and Electronics Sales Paper Communications 252

Data Breach Today

MAY 17, 2023

Also, US Takes Action on Spyware; Law Firm Fined After Health Breach In the latest weekly update, ISMG editors discuss how national security concerns about popular social media app TikTok are heating up, how New York's attorney general hit a law firm with a $200,000 fine in a health data breach, and the impact of U.S. limits on advanced smartphone spyware.

Data breaches 245

Data breaches Security 245

Dark Reading

MAY 15, 2023

This Tech Tip demonstrates how security engineers can best use rate limits to mitigate distributed denial-of-service attacks.

Security 92

Security 92

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Data Breach Today

MAY 17, 2023

Malware Designed to Load Crypto-Lockers Remains Key Tool for Ransomware Groups The Royal ransomware group, which spun off from Conti in early 2022, is refining its downloader malware using tactics and techniques that appear to draw directly from other post-Conti groups, as well as working closely with trusted former associates of Conti, REvil and Hive, researchers say.

Ransomware 195

Ransomware IT 195

Data Protection Report

MAY 18, 2023

On 11 May 2023, members of the European Parliament passed their compromise text of the AI Act (the AI Act ) at the committee stage, taking this law a step closer to being finalised. The compromise text ( the Parliament Draft ), which amends the Commission’s original proposal, includes quite a large number of amendments, some of which will most likely not make the final cut following the trilogue negotiations [Footnote: The Council’s (representing the governments of the EU Member States) position

Artificial Intelligence 144

Artificial Intelligence Risk Compliance Government 144

Hunton Privacy

MAY 16, 2023

On May 16, 2023, the French Data Protection Authority (the “CNIL”) announced its action plan on artificial intelligence (the “AI Action Plan”). The AI Action Plan builds on prior work of the CNIL in the field of AI and consists of a series of activities the CNIL will undertake to support the deployment of AI systems that respect the privacy of individuals.

Artificial Intelligence 142

Artificial Intelligence Personal data Data collection Privacy 142

Data Breach Today

MAY 19, 2023

Vulnerabilities Exist in Apple-Mandated WebKit Browser Engine Apple is patching actively exploited zero-day flaws in its browser rendering engine for mobile devices, and one cybersecurity firm says the vulnerabilities are likely evidence of takeover attacks. Two of the bugs were the subject of Apple's first-ever Rapid Security Response.

Cybersecurity 315

Cybersecurity Security IT 315

The Last Watchdog

MAY 16, 2023

Attack surface expansion translates into innumerable wide-open vectors of potential unauthorized access into company networks. Related: The role of legacy security tools Yet the heaviest volume of routine, daily cyber attacks continue to target a very familiar vector: web and mobile apps. At RSA Conference 2023 , I had the chance to meet with Paul Nicholson , senior director of product marketing and analyst relations at A10 Networks.

Cloud 214

Cloud Marketing Access Security 214

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Cloud

Dark Reading

MAY 18, 2023

Cybercrime group that often uses smishing for initial access bypassed traditional OS targeting and evasion techniques to directly gain access to the cloud.

Cloud 141

Cloud Access 141

OpenText Information Management

MAY 18, 2023

Here at OpenText, we are proud of the technology we build. The investments we make and the customer-centric approach we take to our innovations are, we believe, what makes our solutions so valuable. It is always encouraging and exciting to be acknowledged by our customers and the experts in the markets we serve. This includes … The post OpenText receives recognition from leading industry analyst firms appeared first on OpenText Blogs.

Marketing 138

Marketing Content services IT Analytics 138

Data Breach Today

MAY 17, 2023

Case is FTC's 2nd Enforcement of Health Data Breach Notification Rule The Federal Trade Commission has barred the developer of fertility tracking app Premom from sharing users' personal health data with third parties for advertising purposes and has fined the vendor $100,000 for alleged violations of the agency's Health Data Breach Notification Rule.

Data breaches 299

Data breaches IT 299

The Last Watchdog

MAY 18, 2023

Your go-to mobile apps aren’t nearly has hackproof as you might like to believe. Related: Fallout of T-Mobile hack Hackers of modest skill routinely bypass legacy security measures, even two-factor authentication, with techniques such as overlay attacks. And hard data shows instances of such breaches on the rise. I had an evocative conversation about this at RSA Conference 2023 with Asaf Ashkenazi , CEO of Verimatrix , a cybersecurity company headquartered in southern France.

Security 202

Security Authentication Privacy Cybersecurity 202

Advertisement

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Dark Reading

MAY 18, 2023

As ChatGPT adoption grows, the industry needs to proceed with caution. Here's why.

Security 136

Security 136

WIRED Threat Level

MAY 15, 2023

The families of victims of a mass shooting in Buffalo are challenging the platforms they believe led the attacker to carry out a racist massacre.

Security 132

Security 132

Data Breach Today

MAY 18, 2023

Experts Highlight the Importance of Preparation, Partnerships, Resilience Fifteen months after Russia intensified its illegal invasion of Ukraine, experts say top cyber defense lessons policymakers and defenders should apply include focusing on resilience. Building for resilience acknowledges the inevitability of ongoing attacks.

IT 290

IT 290

The Last Watchdog

MAY 17, 2023

Could cybersecurity someday soon be implemented as a business enabler, instead of continuing to be viewed as an onerous business expense? Related: Security sea-change wrought by ‘CMMC’ This would fit nicely with the ‘ stronger together ’ theme heralded at RSA Conference 2023. WithSecure is one cybersecurity vendor that is certainly on this path.

Cybersecurity 199

Cybersecurity Security Marketing IT 199

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Dark Reading

MAY 16, 2023

Cyberattckers can easily exploit a command-injection bug in the popular device, but Belkin has no plans to address the security vulnerability.

Security 132

Security 132

Thales Cloud Protection & Licensing

MAY 17, 2023

Ransomware – Stop’em Before They Wreak Havoc madhav Thu, 05/18/2023 - 06:03 Cybercriminals have been making a run on your data with ransomware attacks over the last decade in increasing frequency. They wreak havoc by bringing critical infrastructures, supply chains, hospitals, and city services to a grinding halt. Cybersecurity Ventures predicts by 2031 ransomware will cost victims $265 billion annually, and it will affect a business, consumer, or device every 2 seconds.

Ransomware 127

Ransomware Encryption Authentication Access 127

Data Breach Today

MAY 15, 2023

Private Subscription Services Emerge, Together With Fresh Strains of Info Stealers Cybercrime watchers continue to see prolific use of information-stealing malware such as Raccoon and Vidar, which are being used to populate stolen digital identity listings at markets such as Genesis, RussianMarket and TwoEasy, as well as via Telegram channels offering "clouds of logs.

Cloud 276

Cloud Marketing 276

The Last Watchdog

MAY 19, 2023

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts. Related: The Golden Age of cyber espionage Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated their capability to endlessly take advantage of a vastly expanded network attack surface – one that will only continue to expand as the shift to massively interconnected digital services accelerates.

Ransomware 124

Ransomware Security IT 124

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Dark Reading

MAY 18, 2023

A newly discovered bug in the open source password manager, if exploited, lets attackers retrieve a target's master password — and proof-of-concept code is available.

Passwords 127

Passwords 127

KnowBe4

MAY 15, 2023

New data sheds light on how likely your organization will succumb to a ransomware attack, whether you can recover your data, and what’s inhibiting a proper security posture.

Ransomware 124

Ransomware Security 124

Data Breach Today

MAY 18, 2023

Also: Ledger Faces Backlash on Seed Phrase Recovery Solution In the days between May 11 and May 18, the Uranium Finance hacker laundered more stolen funds, LayerZero launched a $15 million bug bounty program, the European Union adopted comprehensive cryptocurrency legislation, and Ledger faced backlash on its seed phrase recovery solution.

IT 270

IT 270

WIRED Threat Level

MAY 16, 2023

The Meta-owned app offers end-to-end encryption of texts, images, and more by default—but its settings aren't as private as they could be.

Privacy 121

Privacy Encryption IT Security 121

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Cloud

Dark Reading

MAY 16, 2023

Threat actors seen using Go-language implementation of the red-teaming tool on Intel and Apple silicon-based macOS systems.

126

126

Schneier on Security

MAY 15, 2023

Micro-Star International—aka MSI—had its UEFI signing key stolen last month. This raises the possibility that the leaked key could push out updates that would infect a computer’s most nether regions without triggering a warning. To make matters worse, Matrosov said, MSI doesn’t have an automated patching process the way Dell, HP, and many larger hardware makers do.

IT 118

IT Ransomware 118

Data Breach Today

MAY 16, 2023

Mikhail Matveev Also Faces Sanctions and $10 Million Reward for His Arrest A Russian man the U.S. government says has been a key actor in Russian ransomware hacking faces federal criminal charges, economic sanctions and a $10 million reward for information leading to his arrest. Mikhail Matveev, aka Wazawaka, was a central figure of the Babuk ransomware-as-a-service gang.

Ransomware 264

Ransomware Government 264