Sat.Sep 02, 2023 - Fri.Sep 08, 2023

article thumbnail

How Secure Is Your Authentication Method?

KnowBe4

I frequently write about authentication, including PKI, multi-factor authentication (MFA), password managers, FIDO, Open Authentication, and biometrics. I have written dozens of articles on LinkedIn and have presented during many KnowBe4 webinars about different authentication subjects.

article thumbnail

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.

Passwords 359
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Cryptocurrency Startup Loses Encryption Key for Electronic Wallet

Schneier on Security

The cryptocurrency fintech startup Prime Trust lost the encryption key to its hardware wallet—and the recovery key—and therefore $38.9 million. It is now in bankruptcy. I can’t understand why anyone thinks these technologies are a good idea.

article thumbnail

Tattletale Ransomware Gangs Threaten to Reveal GDPR Breaches

Data Breach Today

Repeat Shakedown Tactic: Victims Told to Pay Up or Else They'll Pay Massive Fines Ransomware groups do whatever they can to pressure a victim into paying. Enter the likes of Ransomed, following in the footsteps of Alphv/BlackСat, NoEscape and Good Day-powered Cloak, all of which threaten victims with a world of General Data Protection Regulation violation pain, unless they pay.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

News Alert: Reflectiz declares war on Magecart web-skimming attacks as holidays approach

The Last Watchdog

Tel Aviv, Israel, Sept. 5, 2023 — Reflectiz , a cybersecurity company specializing in continuous web threat management offers an exclusive, fully remote solution to battle Magecart web-skimming attacks, a popular type of cyberattacks involving injecting malicious code into the checkout pages. As the Holiday Season approaches, online retailers face the challenge of protecting their websites against the growing threat of malicious attacks, such as Magecart.

Retail 278

More Trending

article thumbnail

Customer Spotlight: Achieve Smarter Modernization Beyond Mainframe Architecture  

OpenText Information Management

For organizations where mainframe and COBOL are at the heart of operations, going beyond the bounds of mainframe architecture to efficiently scale and innovate at speed can seem daunting. Fortunately, there are valuable steps you can take to accelerate your digital transformation journey while staying agile in today’s fast-paced multi-cloud world. Recent OpenText research revealed … The post Customer Spotlight: Achieve Smarter Modernization Beyond Mainframe Architecture appeared first on

article thumbnail

Breach Roundup: Swedish Insurer Fined $3M for GDPR Breach

Data Breach Today

Also, Google Fitbit Faces Privacy Complaints From Schrems This week, the Swedish DPA fined an insurer $3 million for violating GDPR, a DDoS attack disrupted a German financial agency website, Google Fitbit faced privacy complaints from Schrems, Ragnar Locker published hacked hospital data, and Seville, Spain dealt with the aftermath of a ransomware attack.

Insurance 309
article thumbnail

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

The Last Watchdog

New government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe. Related: The need for supply chain security This is to be expected. After all, government mandates combined with industry standards are the twin towers of public safety. Without them the integrity of our food supplies, the efficacy of our transportation systems and reliability of our utilities would not be what they are.

IoT 220
article thumbnail

Social engineering attacks target Okta customers to achieve a highly privileged role

Security Affairs

Identity services provider Okta warned customers of social engineering attacks carried out by threat actors to obtain elevated administrator permissions. Okta is warning customers of social engineering attacks carried out in recent weeks by threat actors to obtain elevated administrator permissions. The attacks targeted IT service desk staff to trick them into resetting all multi-factor authentication (MFA) factors enrolled by highly privileged users.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Mainframe and the cloud? It’s easy with open source

IBM Big Data Hub

This is part four in a five-part series on mainframe modernization. The secret to mainstreaming the mainframe into today’s modern, cloud-centric IT environments is to make the experience of working with the mainframe like the experience of working off the mainframe—especially the developer experience (DX). Historically, working on the mainframe was an entirely different experience from the distributed world.

Cloud 120
article thumbnail

ISMG Editors: Reasons to Cheer About Cybersecurity Market

Data Breach Today

Also: Feds Out Hospitals Over Tracking Tools; Ongoing Saga of Wiz-SentinelOne Deal In the latest weekly update, ISMG editors discuss the state of cybersecurity market resilience in 2023, why U.S. federal regulators publicly named 130 healthcare firms using web trackers and how SentinelOne ended its partnership with startup Wiz amid takeover discussions.

Marketing 289
article thumbnail

GUEST ESSAY: Securing your cryptocurrency — best practices for Bitcoin wallet security

The Last Watchdog

Over time, Bitcoin has become the most widely used cryptocurrency in the world. Strong security measures become increasingly important as more people use this digital currency. Related: Currency exchange security issues For managing and keeping your Bitcoin assets, you must need a bitcoin wallet, which is a digital version of a conventional wallet. The protection of your priceless digital assets will be guaranteed by this article’s discussion of the best techniques for protecting your Bitc

Security 100
article thumbnail

MITRE and CISA release Caldera for OT attack emulation

Security Affairs

MITRE and CISA released a Caldera extension for OT that allows the emulation of attacks on operational technology systems. MITRE Caldera is an open-source adversary emulation platform that helps cybersecurity practitioners to automate security assessments. The tool is built on the MITRE ATT&CK framework, which is a widely-recognized framework for understanding and responding to cyber threats. “Without further ado, the MITRE Caldera team is proud to announce the release of Caldera for O

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Cybersecurity Mergers Flatline. Here’s Why That Won’t Last.

eSecurity Planet

Much like the rest of technology, merger and acquisition (M&A) activity for cybersecurity companies has been in a slump this year. There are a number of reasons why that won’t last, but still, the decline has been noteworthy. For the first seven months of this year, there were a mere 34 startups that got acquired, according to data from Crunchbase.

article thumbnail

Generative AI Warnings Contain Their Own Dangers

Data Breach Today

AI Could Undermine Trust in Democracy, Starting With This Very Statement Artificial intelligence holds the potential to undermine trust in democracy - but overwrought warnings themselves can erode trust in the system critics seek to preserve, warns a cybersecurity firm. AI is "a long way from massively influencing our perception of reality and political discourse.

article thumbnail

European Commission Designates Gatekeepers Under the Digital Markets Act

Hunton Privacy

On September 6, 2023, the European Commission designated six companies as gatekeepers under Article 3 of the Digital Markets Act (“DMA”). The new gatekeepers are Alphabet, Amazon, Apple, ByteDance, Meta and Microsoft. Jointly, these companies provide 22 core platform services, including social networks, internet browsers, operative systems and mobile app stores.

Marketing 119
article thumbnail

A massive DDoS attack took down the site of the German financial agency BaFin

Security Affairs

A distributed denial-of-service (DDoS) attack took the site of the German Federal Financial Supervisory Authority (BaFin) down. A distributed denial-of-service (DDoS) attack took the site of the German Federal Financial Supervisory Authority (BaFin) down for some days. It is not clear who is behind the DDoS attack, but the media speculate that it was launched by pro-Russian hacktivists in response to the German financial and military support to Ukraine.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

'Evil Telegram' Spyware Campaign Infects 60K+ Mobile Users

Dark Reading

Legitimate-seeming Telegram "mods" available in the official Google Play store for the encrypted messaging app signal the rise of a new enterprise threat.

article thumbnail

APT28 Spear-Phishes Ukrainian Critical Energy Facility

Data Breach Today

Energy Facility Impeded Attack by Blocking the Launch of the Windows Script Host Ukrainian cyber defenders say Russian military hackers targeted a critical energy infrastructure facility with phishing emails containing a malicious script leading to cyberespionage. An energy facility cyber defender impeded the attack by blocking the launch of indows Script Host, CERT-UA says.

Phishing 296
article thumbnail

Ransomware Attacks Speed up 44% Leaving Less Time for Detection and Response

KnowBe4

New data suggests that the gangs and toolkits behind current ransomware attacks are materially improving their abilities, resulting in a speeding up of attacks before defenses kick in.

article thumbnail

ASUS routers are affected by three critical remote code execution flaws

Security Affairs

Three critical remote code execution vulnerabilities in ASUS routers potentially allow attackers to hijack the network devices. ASUS routers RT-AX55, RT-AX56U_V2, and RT-AC86U are affected by three critical remote code execution vulnerabilities that can potentially allow threat actors to take over the devices. The three vulnerabilities were reported by the Taiwanese CERT, below are their descriptions: CVE-2023-39238 (CVSS 9.8): ASUS RT-AX55, RT-AX56U_V2 and RT-AC86U iperf-related modules set_ipe

Access 145
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Generative AI: Meet your partner in customer service

IBM Big Data Hub

Brands that deliver an excellent customer experience (CX) will always be more resilient than those that don’t. Giving our customers personalized support at every stage of their journey is proven to earn their longtime loyalty—and keep them from switching to a competitor. The challenge, however, is that many teams operate in siloes that inhibit them from applying their customer insights in meaningful ways.

article thumbnail

Norway Court Upholds Temporary Ban of Behavioral Ads on Meta

Data Breach Today

Facebook Sought to Halt Datatilsynet From Imposing Daily Fines for Noncompliance A Norway court sided with the country's data protection authority in a battle against Facebook over surveillance based-ads, ruling that the agency has the authority to tell the social media giant to temporarily halt behavioral tracking without explicit consent or face daily fines.

288
288
article thumbnail

How Companies Can Cope With the Risks of Generative AI Tools

Dark Reading

To benefit from AI yet minimize risk, companies should be cautious about information they share, be aware of AI's limitations, and stay vigilant about business implications.

Risk 119
article thumbnail

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

U.S. CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. The US agency has detected the presence of indicators of compromise (IOCs) at an Aeronautical Sector organization as early as January 2023.

article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

The Comedy of Errors That Let China-Backed Hackers Steal Microsoft’s Signing Key

WIRED Threat Level

After leaving many questions unanswered, Microsoft explains in a new postmortem the series of slipups that allowed attackers to steal and abuse a valuable cryptographic key.

Security 119
article thumbnail

Cybercrime Tremors: Experts Forecast Qakbot Resurgence

Data Breach Today

TrickBot and Emotet Botnets Both Returned After Disruption by Law Enforcement Has the cry of the Qakbot come to an end? While the pernicious, multifunction malware fell quiet last week thanks to Operation "Duck Hunt," lucrative cybercrime operations have a history of rebooting themselves. Rivals also offer ready alternatives to ransomware groups and other criminal users.

article thumbnail

Inconsistencies in the Common Vulnerability Scoring System (CVSS)

Schneier on Security

Interesting research : Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities Abstract: The Common Vulnerability Scoring System (CVSS) is a popular method for evaluating the severity of vulnerabilities in vulnerability management. In the evaluation process, a numeric score between 0 and 10 is calculated, 10 being the most severe (critical) value.

Security 117