Sat.May 13, 2023 - Fri.May 19, 2023

article thumbnail

Russian Hacker “Wazawaka” Indicted for Ransomware

Krebs on Security

A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. U.S. prosecutors say Mikhail Pavolovich Matveev , a.k.a. “ Wazawaka ” and “ Boriselcin ” worked with three different ransomware gangs that extorted hundreds of millions of dollars from companies, schools, hospitals and government agencies.

article thumbnail

Re-Victimization from Police-Auctioned Cell Phones

Krebs on Security

Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found. In response, the largest online marketplace for items seized in U.S. law enforcement investigations says it now ensures that all phones sold through its platform will be data-wiped prior to auction.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

ISMG Editors: Is TikTok a Ticking Time Bomb?

Data Breach Today

Also, US Takes Action on Spyware; Law Firm Fined After Health Breach In the latest weekly update, ISMG editors discuss how national security concerns about popular social media app TikTok are heating up, how New York's attorney general hit a law firm with a $200,000 fine in a health data breach, and the impact of U.S. limits on advanced smartphone spyware.

article thumbnail

Breaking the DDoS Attack Loop With Rate Limiting

Dark Reading

This Tech Tip demonstrates how security engineers can best use rate limits to mitigate distributed denial-of-service attacks.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Royal Ransomware Group Builds Its Own Malware Loader

Data Breach Today

Malware Designed to Load Crypto-Lockers Remains Key Tool for Ransomware Groups The Royal ransomware group, which spun off from Conti in early 2022, is refining its downloader malware using tactics and techniques that appear to draw directly from other post-Conti groups, as well as working closely with trusted former associates of Conti, REvil and Hive, researchers say.

More Trending

article thumbnail

The AI Act – A step closer to the first law on Artificial Intelligence

Data Protection Report

On 11 May 2023, members of the European Parliament passed their compromise text of the AI Act (the AI Act ) at the committee stage, taking this law a step closer to being finalised. The compromise text ( the Parliament Draft ), which amends the Commission’s original proposal, includes quite a large number of amendments, some of which will most likely not make the final cut following the trilogue negotiations [Footnote: The Council’s (representing the governments of the EU Member States) position

article thumbnail

CNIL Publishes Action Plan on AI

Hunton Privacy

On May 16, 2023, the French Data Protection Authority (the “CNIL”) announced its action plan on artificial intelligence (the “AI Action Plan”). The AI Action Plan builds on prior work of the CNIL in the field of AI and consists of a series of activities the CNIL will undertake to support the deployment of AI systems that respect the privacy of individuals.

article thumbnail

Apple Fixes 3 Zero-Days Exploited in the Wild

Data Breach Today

Vulnerabilities Exist in Apple-Mandated WebKit Browser Engine Apple is patching actively exploited zero-day flaws in its browser rendering engine for mobile devices, and one cybersecurity firm says the vulnerabilities are likely evidence of takeover attacks. Two of the bugs were the subject of Apple's first-ever Rapid Security Response.

article thumbnail

RSAC Fireside Chat: How a well-placed ‘NGWAF’ can staunch the flow of web, mobile app attacks

The Last Watchdog

Attack surface expansion translates into innumerable wide-open vectors of potential unauthorized access into company networks. Related: The role of legacy security tools Yet the heaviest volume of routine, daily cyber attacks continue to target a very familiar vector: web and mobile apps. At RSA Conference 2023 , I had the chance to meet with Paul Nicholson , senior director of product marketing and analyst relations at A10 Networks.

Cloud 214
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

OpenText receives recognition from leading industry analyst firms

OpenText Information Management

Here at OpenText, we are proud of the technology we build. The investments we make and the customer-centric approach we take to our innovations are, we believe, what makes our solutions so valuable. It is always encouraging and exciting to be acknowledged by our customers and the experts in the markets we serve. This includes … The post OpenText receives recognition from leading industry analyst firms appeared first on OpenText Blogs.

Marketing 138
article thumbnail

Ransomware – Stop’em Before They Wreak Havoc

Thales Cloud Protection & Licensing

Ransomware – Stop’em Before They Wreak Havoc madhav Thu, 05/18/2023 - 06:03 Cybercriminals have been making a run on your data with ransomware attacks over the last decade in increasing frequency. They wreak havoc by bringing critical infrastructures, supply chains, hospitals, and city services to a grinding halt. Cybersecurity Ventures predicts by 2031 ransomware will cost victims $265 billion annually, and it will affect a business, consumer, or device every 2 seconds.

article thumbnail

Alleged Babuk Ransomware Hacker 'Wazawaka' Indicted in US

Data Breach Today

Mikhail Matveev Also Faces Sanctions and $10 Million Reward for His Arrest A Russian man the U.S. government says has been a key actor in Russian ransomware hacking faces federal criminal charges, economic sanctions and a $10 million reward for information leading to his arrest. Mikhail Matveev, aka Wazawaka, was a central figure of the Babuk ransomware-as-a-service gang.

article thumbnail

RSAC Fireside Chat: Deploying Hollywood-tested content protection to improve mobile app security

The Last Watchdog

Your go-to mobile apps aren’t nearly has hackproof as you might like to believe. Related: Fallout of T-Mobile hack Hackers of modest skill routinely bypass legacy security measures, even two-factor authentication, with techniques such as overlay attacks. And hard data shows instances of such breaches on the rise. I had an evocative conversation about this at RSA Conference 2023 with Asaf Ashkenazi , CEO of Verimatrix , a cybersecurity company headquartered in southern France.

Security 202
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Microsoft Azure VMs Hijacked in Cloud Cyberattack

Dark Reading

Cybercrime group that often uses smishing for initial access bypassed traditional OS targeting and evasion techniques to directly gain access to the cloud.

Cloud 141
article thumbnail

Make SAP ERP deployments future-ready with IBM Cloud

IBM Big Data Hub

As we navigate an unstable economy, organizations across industries want to be “future-ready,” and that requires systems and processes that can continuously evolve in response to the marketplace demands. For customers who run their operations on SAP, this means modernizing to a cloud ERP platform that supports greater flexibility and agility.

Cloud 114
article thumbnail

FTC Fines Fertility App Vendor, Bars It From Data-Sharing

Data Breach Today

Case is FTC's 2nd Enforcement of Health Data Breach Notification Rule The Federal Trade Commission has barred the developer of fertility tracking app Premom from sharing users' personal health data with third parties for advertising purposes and has fined the vendor $100,000 for alleged violations of the agency's Health Data Breach Notification Rule.

article thumbnail

RSAC Fireside Chat: Achieving ‘outcome-based security’ by blending cybersecurity, business goals

The Last Watchdog

Could cybersecurity someday soon be implemented as a business enabler, instead of continuing to be viewed as an onerous business expense? Related: Security sea-change wrought by ‘CMMC’ This would fit nicely with the ‘ stronger together ’ theme heralded at RSA Conference 2023. WithSecure is one cybersecurity vendor that is certainly on this path.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

KeePass Vulnerability Imperils Master Passwords

Dark Reading

A newly discovered bug in the open source password manager, if exploited, lets attackers retrieve a target's master password — and proof-of-concept code is available.

Passwords 127
article thumbnail

Micro-Star International Signing Key Stolen

Schneier on Security

Micro-Star International—aka MSI—had its UEFI signing key stolen last month. This raises the possibility that the leaked key could push out updates that would infect a computer’s most nether regions without triggering a warning. To make matters worse, Matrosov said, MSI doesn’t have an automated patching process the way Dell, HP, and many larger hardware makers do.

IT 110
article thumbnail

Ukraine's Cyber Defense Success: Top Takeaways

Data Breach Today

Experts Highlight the Importance of Preparation, Partnerships, Resilience Fifteen months after Russia intensified its illegal invasion of Ukraine, experts say top cyber defense lessons policymakers and defenders should apply include focusing on resilience. Building for resilience acknowledges the inevitability of ongoing attacks.

IT 277
article thumbnail

RSAC Fireside Chat: Upgrading containment to counter Putin’s weaponizing of ransomware

The Last Watchdog

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts. Related: The Golden Age of cyber espionage Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated their capability to endlessly take advantage of a vastly expanded network attack surface – one that will only continue to expand as the shift to massively interconnected digital services accelerates.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Unpatched Wemo Smart Plug Bug Opens Countless Networks to Cyberattacks

Dark Reading

Cyberattckers can easily exploit a command-injection bug in the popular device, but Belkin has no plans to address the security vulnerability.

Security 132
article thumbnail

UK Sets Out It’s “Pro-Innovation” Approach To AI Regulation

Data Matters

On 29 March 2023, the UK’s Department for Science Innovation and Technology (“ DSIT ”) published its long awaited White Paper on its “pro-innovation approach to AI regulation” (the “ White Paper ”), along with a corresponding impact assessment. The White Paper builds on the “proportionate, light touch and forward-looking” approach to AI regulation set out in the policy paper published in July 2022.

Paper 94
article thumbnail

NextGen Facing a Dozen Lawsuits So Far Following Breach

Data Breach Today

Proposed Class Actions - All Filed in Same Georgia Court - Allege Negligence Cloud-based electronic health records vendor NextGen Healthcare is so far facing a dozen proposed class action lawsuits filed in the last week in the same Georgia federal court following the company's disclosure this month of a data breach affecting 1 million individuals.

article thumbnail

Microsoft Secure Boot Bug

Schneier on Security

Microsoft is currently patching a zero-day Secure-Boot bug. The BlackLotus bootkit is the first-known real-world malware that can bypass Secure Boot protections, allowing for the execution of malicious code before your PC begins loading Windows and its many security protections. Secure Boot has been enabled by default for over a decade on most Windows PCs sold by companies like Dell, Lenovo, HP, Acer, and others.

Security 105
article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict

Dark Reading

Plug X and other information-stealing remote-access Trojans are among the malware targeting networking, manufacturing, and logistics companies in Taiwan.

Phishing 119
article thumbnail

Top 5 Application Security Tools & Software for 2023

eSecurity Planet

Application security tools and software solutions are designed to identify and mitigate vulnerabilities and threats in software applications. Their main purpose is to protect applications from unauthorized access, data breaches, and malicious attacks. These tools play a vital role in ensuring the security, integrity, and confidentiality of sensitive information, such as personal data and financial records.

Security 104
article thumbnail

Cryptohack Roundup: Uranium Finance, LayerZero, MiCA

Data Breach Today

Also: Ledger Faces Backlash on Seed Phrase Recovery Solution In the days between May 11 and May 18, the Uranium Finance hacker laundered more stolen funds, LayerZero launched a $15 million bug bounty program, the European Union adopted comprehensive cryptocurrency legislation, and Ledger faced backlash on its seed phrase recovery solution.

IT 258