Sat.Sep 02, 2023 - Fri.Sep 08, 2023

article thumbnail

How Secure Is Your Authentication Method?

KnowBe4

I frequently write about authentication, including PKI, multi-factor authentication (MFA), password managers, FIDO, Open Authentication, and biometrics. I have written dozens of articles on LinkedIn and have presented during many KnowBe4 webinars about different authentication subjects.

article thumbnail

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.

Passwords 362
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Trending Sources

article thumbnail

Cryptocurrency Startup Loses Encryption Key for Electronic Wallet

Schneier on Security

The cryptocurrency fintech startup Prime Trust lost the encryption key to its hardware wallet—and the recovery key—and therefore $38.9 million. It is now in bankruptcy. I can’t understand why anyone thinks these technologies are a good idea.

article thumbnail

Tattletale Ransomware Gangs Threaten to Reveal GDPR Breaches

Data Breach Today

Repeat Shakedown Tactic: Victims Told to Pay Up or Else They'll Pay Massive Fines Ransomware groups do whatever they can to pressure a victim into paying. Enter the likes of Ransomed, following in the footsteps of Alphv/BlackСat, NoEscape and Good Day-powered Cloak, all of which threaten victims with a world of General Data Protection Regulation violation pain, unless they pay.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

News Alert: Reflectiz declares war on Magecart web-skimming attacks as holidays approach

The Last Watchdog

Tel Aviv, Israel, Sept. 5, 2023 — Reflectiz , a cybersecurity company specializing in continuous web threat management offers an exclusive, fully remote solution to battle Magecart web-skimming attacks, a popular type of cyberattacks involving injecting malicious code into the checkout pages. As the Holiday Season approaches, online retailers face the challenge of protecting their websites against the growing threat of malicious attacks, such as Magecart.

Retail 278

More Trending

article thumbnail

The International Criminal Court Will Now Prosecute Cyberwar Crimes

WIRED Threat Level

And the first case on the docket may well be Russia’s cyberattacks against civilian critical infrastructure in Ukraine.

Security 145
article thumbnail

Breach Roundup: Swedish Insurer Fined $3M for GDPR Breach

Data Breach Today

Also, Google Fitbit Faces Privacy Complaints From Schrems This week, the Swedish DPA fined an insurer $3 million for violating GDPR, a DDoS attack disrupted a German financial agency website, Google Fitbit faced privacy complaints from Schrems, Ragnar Locker published hacked hospital data, and Seville, Spain dealt with the aftermath of a ransomware attack.

Insurance 311
article thumbnail

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

The Last Watchdog

New government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe. Related: The need for supply chain security This is to be expected. After all, government mandates combined with industry standards are the twin towers of public safety. Without them the integrity of our food supplies, the efficacy of our transportation systems and reliability of our utilities would not be what they are.

IoT 220
article thumbnail

ASUS routers are affected by three critical remote code execution flaws

Security Affairs

Three critical remote code execution vulnerabilities in ASUS routers potentially allow attackers to hijack the network devices. ASUS routers RT-AX55, RT-AX56U_V2, and RT-AC86U are affected by three critical remote code execution vulnerabilities that can potentially allow threat actors to take over the devices. The three vulnerabilities were reported by the Taiwanese CERT, below are their descriptions: CVE-2023-39238 (CVSS 9.8): ASUS RT-AX55, RT-AX56U_V2 and RT-AC86U iperf-related modules set_ipe

Access 145
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Facebook Trains Its AI on Your Data. Opting Out May Be Futile

WIRED Threat Level

Here's how to request that your personal information not be used to train Meta's AI model. "Request" is the operative word here.

IT 144
article thumbnail

Generative AI Warnings Contain Their Own Dangers

Data Breach Today

AI Could Undermine Trust in Democracy, Starting With This Very Statement Artificial intelligence holds the potential to undermine trust in democracy - but overwrought warnings themselves can erode trust in the system critics seek to preserve, warns a cybersecurity firm. AI is "a long way from massively influencing our perception of reality and political discourse.

article thumbnail

Inconsistencies in the Common Vulnerability Scoring System (CVSS)

Schneier on Security

Interesting research : Shedding Light on CVSS Scoring Inconsistencies: A User-Centric Study on Evaluating Widespread Security Vulnerabilities Abstract: The Common Vulnerability Scoring System (CVSS) is a popular method for evaluating the severity of vulnerabilities in vulnerability management. In the evaluation process, a numeric score between 0 and 10 is calculated, 10 being the most severe (critical) value.

Security 131
article thumbnail

MITRE and CISA release Caldera for OT attack emulation

Security Affairs

MITRE and CISA released a Caldera extension for OT that allows the emulation of attacks on operational technology systems. MITRE Caldera is an open-source adversary emulation platform that helps cybersecurity practitioners to automate security assessments. The tool is built on the MITRE ATT&CK framework, which is a widely-recognized framework for understanding and responding to cyber threats. “Without further ado, the MITRE Caldera team is proud to announce the release of Caldera for O

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

How China Demands Tech Firms Reveal Hackable Flaws in Their Products

WIRED Threat Level

Some foreign companies may be complying—potentially offering China’s spies hints for hacking their customers.

Security 144
article thumbnail

Apple Fixes Zero-Click Bugs Exploited by NSO Group's Spyware

Data Breach Today

'BlastPass' Can Compromise iPhones Running the Latest iOS Version, Researchers Say Apple released patches Thursday to close a zero-click exploit makers of the Pegasus advanced spyware app used to infect at least one iPhone carried by an individual employed at a Washington, D.C.-based civil society organization. The lab calls the exploit "BlastPass.

306
306
article thumbnail

Apple Hit By 2 No-Click Zero-Days in Blastpass Exploit Chain

Dark Reading

Researchers at Citizen Lab recommend immediately updating any iPhones and iPads to the latest OSes.

129
129
article thumbnail

Social engineering attacks target Okta customers to achieve a highly privileged role

Security Affairs

Identity services provider Okta warned customers of social engineering attacks carried out by threat actors to obtain elevated administrator permissions. Okta is warning customers of social engineering attacks carried out in recent weeks by threat actors to obtain elevated administrator permissions. The attacks targeted IT service desk staff to trick them into resetting all multi-factor authentication (MFA) factors enrolled by highly privileged users.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Top US Spies Meet With Privacy Experts Over Surveillance 'Crown Jewel'

WIRED Threat Level

Civil rights groups say efforts to get US intelligence agencies to adopt privacy reforms have largely failed. Without those changes, renewal of a post-911 surveillance policy may be doomed.

Privacy 143
article thumbnail

Zscaler Data Security Platform Takes on Symantec, CASB Tools

Data Breach Today

CEO Jay Chaudhry: In-Line Inspection, App-to-App Protection Aid Data Defense Growth Zscaler's ability to inspect traffic in-line and secure application-to-application communications has driven massive growth in its data protection business, CEO Jay Chaudhry said. Customers have embraced Zscaler's data protection technology over both incumbents like Symantec as well as CASB tools.

Security 304
article thumbnail

'Evil Telegram' Spyware Campaign Infects 60K+ Mobile Users

Dark Reading

Legitimate-seeming Telegram "mods" available in the official Google Play store for the encrypted messaging app signal the rise of a new enterprise threat.

article thumbnail

X will collect biometric data from its premium users

Security Affairs

The social media site X announced that it will collect premium users’ biometric data for security and identification purposes. The social media platform X (formerly known as Twitter) has updated its privacy policy informing its premium users that the company will collect their biometric data to curb fraud and prevent impersonation. Bloomberg first reported the news and confirmed that the change will only impact premium users.

IT 144
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

The Comedy of Errors That Let China-Backed Hackers Steal Microsoft’s Signing Key

WIRED Threat Level

After leaving many questions unanswered, Microsoft explains in a new postmortem the series of slipups that allowed attackers to steal and abuse a valuable cryptographic key.

Security 142
article thumbnail

Netskope Buys Digital Experience Management Startup Kadiska

Data Breach Today

Deal Will Extend DEM Skills to Nontraditional Environments, Nonsecurity Personnel Netskope purchased a French digital experience management startup to monitor and proactively remediate performance issues across both SD-WAN and SSE. The deal will bring network and application performance visibility to user devices as well as hybrid, SaaS and cloud applications.

Cloud 298
article thumbnail

Ransomware Attacks Speed up 44% Leaving Less Time for Detection and Response

KnowBe4

New data suggests that the gangs and toolkits behind current ransomware attacks are materially improving their abilities, resulting in a speeding up of attacks before defenses kick in.

article thumbnail

A massive DDoS attack took down the site of the German financial agency BaFin

Security Affairs

A distributed denial-of-service (DDoS) attack took the site of the German Federal Financial Supervisory Authority (BaFin) down. A distributed denial-of-service (DDoS) attack took the site of the German Federal Financial Supervisory Authority (BaFin) down for some days. It is not clear who is behind the DDoS attack, but the media speculate that it was launched by pro-Russian hacktivists in response to the German financial and military support to Ukraine.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

2 Polish Men Arrested for Radio Hack That Disrupted Trains

WIRED Threat Level

Plus: A major FBI botnet takedown, new Sandworm malware, a cyberattack on two major scientific telescopes—and more.

Privacy 140
article thumbnail

APT28 Spear-Phishes Ukrainian Critical Energy Facility

Data Breach Today

Energy Facility Impeded Attack by Blocking the Launch of the Windows Script Host Ukrainian cyber defenders say Russian military hackers targeted a critical energy infrastructure facility with phishing emails containing a malicious script leading to cyberespionage. An energy facility cyber defender impeded the attack by blocking the launch of indows Script Host, CERT-UA says.

Phishing 298
article thumbnail

LLMs and Tool Use

Schneier on Security

Last March, just two weeks after GPT-4 was released , researchers at Microsoft quietly announced a plan to compile millions of APIs—tools that can do everything from ordering a pizza to solving physics equations to controlling the TV in your living room—into a compendium that would be made accessible to large language models (LLMs). This was just one milestone in the race across industry and academia to find the best ways to teach LLMs how to manipulate tools, which would supercharge

Access 125