Data Breach Today
SEPTEMBER 30, 2021
Microsoft Sparred with SecureWorks Over Impact But Relents Microsoft has indicated it will make changes to reduce the risk around what a security vendor says is a vulnerability that lets attackers run brute-force credential attacks against Azure Active Directory. The issue was reported to Microsoft in June by SecureWorks' Counter Threat Unit.
Krebs on Security
SEPTEMBER 29, 2021
In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords. That service quickly went offline, but new research reveals a number of competitors have since launched bot-based services that make it relatively easy for crooks to phish OTPs from targets.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
SEPTEMBER 30, 2021
Most of us internet users are obviously familiar with CAPTCHAs: a challenge or test that is designed to filter out bots (automated programs) and only allow legitimate human users in. Related: How bots fuel ‘business logic’ hacking. The basic principle behind CAPTCHA is fairly simple: the test must be as difficult as possible (if not impossible) to solve by these bots, but at the same time it must be easy enough for human users not to hurt user experience.
Security Affairs
SEPTEMBER 25, 2021
The customer care and call center provider GSS has suffered a ransomware attack that crippled its systems and impacted its Spanish-speaking customers. GSS customer care and call center provider has suffered a ransomware attack that crippled its system and paralyzed call centers serving its Spanish-speaking customers. GSS is the Spanish and Latin America division of Covisian, a European giant of customer care and call center providers.
Advertiser: ZoomInfo
AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.
Data Breach Today
SEPTEMBER 30, 2021
Exposed Data Includes Login Credentials, Security Questions Neiman Marcus Group says it is notifying 4.6 million of its online customers who are affected by a data breach that occurred in May 2020. The data includes personally identifiable data, payment and gift cards, online account credentials and security questions.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
WIRED Threat Level
SEPTEMBER 28, 2021
From Afghanistan to cyberattacks, Frank Herbert’s novel anticipated and shaped warfare as we know it.
Security Affairs
SEPTEMBER 29, 2021
The security researcher Jose Rodriguez discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be fixed. The security researcher Jose Rodriguez ( @VBarraquito ) discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be addressed by Apple. A threat actor with physical access to a vulnerable device can access Notes via Siri/Voice Over.
Data Breach Today
SEPTEMBER 30, 2021
Agency Is Also Keeping Its 'Rumor Control' Website Active Ahead of Midterm Elections A new self-assessment tool aims to help public and private sector organizations assess their level of vulnerability to insider threats, according to CISA. The agency also indicated this week it will keep its "rumor control" website active ahead of the 2022 midterm elections.
Krebs on Security
OCTOBER 1, 2021
The U.S. Federal Communications Commission (FCC) is asking for feedback on new proposed rules to crack down on SIM swapping and number port-out fraud, increasingly prevalent scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identity. In a long-overdue notice issued Sept. 30 , the FCC said it plans to move quickly on requiring the mobile companies to adopt more secure methods of authenticating customers before
Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage
When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m
WIRED Threat Level
SEPTEMBER 29, 2021
The fictional superspy wields Nokia devices in 'No Time To Die.' It’s an odd choice, but Apple's smartphones aren’t ideal, either.
Security Affairs
SEPTEMBER 29, 2021
The U.S. CISA and the NSA agencies have published guidance for securely using virtual private network (VPN) solutions. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance for increasing the security of virtual private network (VPN) solutions. Multiple attacks against private organizations and government entities, especially during the pandemic, were carried out by threat actors by exploiting vulnerabilities in popular VPN
Data Breach Today
SEPTEMBER 25, 2021
Canal de Isabel II Suspends Its Telephone Services GSS, the Spanish and Latin America division of Europe's largest call center provider Covisian, has informed that it has been subjected to a ransomware attack, which froze its IT systems and crippled call centers across its Spanish-speaking customer base.
HID Global
SEPTEMBER 28, 2021
The European Union Is Already Rolling Out Biometric National ID Cards for Travel and More. rmatyasek. Tue, 09/28/2021 - 09:18.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
WIRED Threat Level
SEPTEMBER 29, 2021
The so-called GriftHorse campaign used clever techniques to avoid detection in Google Play for nearly a year.
Security Affairs
SEPTEMBER 26, 2021
Last month, the Port of Houston, one of the major US ports, was hit by a cyber attack allegedly orchestrated by a nation-state actor. One of the major US ports, the Port of Houston, revealed that it was hit by a cyber attack in August that had no impact on its systems. “The Port of Houston Authority (Port Houston) successfully defended itself against a cybersecurity attack in August.
Data Breach Today
SEPTEMBER 30, 2021
Neither Firm Has Fixed Issue, Researchers Say Researchers at the University of Birmingham and University of Surrey say they have uncovered a vulnerability in the Apple Pay-Visa setup that could allow hackers to bypass iPhone’s Apple Pay lock screen, perform contactless payments and skirt transaction limits.
The Last Watchdog
SEPTEMBER 27, 2021
Assessing the risks involved in using the latest technology is something our culture had to adopt in the early days of the computer. New technologies come with risks — there’s no denying that. Related: How Russia uses mobile apps to radicalize U.S. youth. Miller. To minimize their impact, implementing preventive security measures into these advanced systems is crucial.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
WIRED Threat Level
SEPTEMBER 30, 2021
A WIRED investigation has found 45 federal criminal cases that cite Google geolocation data to place suspects inside the US Capitol during the January 6 riot.
Security Affairs
SEPTEMBER 28, 2021
An exploit for the recently disclosed CVE-2021-22005 vulnerability in VMware vCenter was publicly released, threat actors are already using it. A working exploit for the CVE-2021-22005 vulnerability in VMware vCenter is publicly available, and attackers are already attempting to use it in the wild. VMware recently addressed the critical arbitrary file upload vulnerability CVE-2021-22005, it impacts appliances running default vCenter Server 6.7 and 7.0 deployments. vCenter Server is the centraliz
Data Breach Today
SEPTEMBER 30, 2021
CISA Warns of 'Widespread Exploitation' for 1 Critical Bug Cybersecurity vendor VMware has published a security advisory detailing 19 vulnerabilities affecting its vCenter server and Cloud Foundation products and has released fixes for all of them. One of the flaws has a high CVSS of 9.8, and CISA is warning of its "widespread exploitation.
Schneier on Security
SEPTEMBER 30, 2021
The NSA and CISA have released a document on how to harden your VPN.
Advertiser: ZoomInfo
ZoomInfo customers aren’t just selling — they’re winning. Revenue teams using our Go-To-Market Intelligence platform grew pipeline by 32%, increased deal sizes by 40%, and booked 55% more meetings. Download this report to see what 11,000+ customers say about our Go-To-Market Intelligence platform and how it impacts their bottom line. The data speaks for itself!
WIRED Threat Level
SEPTEMBER 25, 2021
Plus: The ransomware scourge continues, a massive botnet gets wounded, and more of the week’s top security news.
Security Affairs
SEPTEMBER 26, 2021
Researchers from Google’s TAG team reported that financially motivated actors are using new code signing tricks to evade detection. Researchers from Google’s Threat Analysis Group reported that financially motivated actors are using new code signing tricks to evade detection. By code signing executables, it is possible to verify their integrity and provide information about the identity of the signer.
Data Breach Today
OCTOBER 1, 2021
The latest edition of the ISMG Security Report features an analysis of how a cryptocurrency exchange bug has revealed North Korean Monero laundering. Also featured are cyber insurance trends and cybercrime innovation.
Schneier on Security
SEPTEMBER 28, 2021
These two sites tell you what sorts of information you’re leaking from your browser.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
WIRED Threat Level
SEPTEMBER 27, 2021
The internet infrastructure company wants to protect your inbox from targeted threats, starting with the launch of two new tools.
Security Affairs
SEPTEMBER 27, 2021
Telegram is becoming an essential platform for cybercriminal activities, crooks use it but and sell any kind of stolen data and hacking tools. Many experts believe that the popular Telegram app is an efficient alternative to dark web marketplaces, its channels are used by hacking communities and cybercriminals to buy and sell stolen data, accesses to compromised infrastructure, and hacking tools.
Data Breach Today
SEPTEMBER 28, 2021
Researchers Say Trojan Steals Data from Steam, Epic Games Stores, EA Origin Researchers at cybersecurity firm Kaspersky have discovered an advanced Trojan, dubbed BloodyStealer, stealing gamer accounts and data from platforms such as Steam, Epic Games Stores and EA Origin. They say there is a demand for this type of data among cybercriminals.
Expert insights. Personalized for you.
361 
Let's personalize your content