Sat.Jan 16, 2021 - Fri.Jan 22, 2021

article thumbnail

Biden's $10 Billion Cybersecurity Proposal: Is It Enough?

Data Breach Today

Security Experts Say Proposal Amounts to a 'Down Payment' President-elect Joe Biden's $1.9 trillion plan for COVID-19 relief includes nearly $10 billion in cybersecurity and IT spending. Some security experts hope the amount as just a "down payment" toward a broader effort.

article thumbnail

Parler Finds a Reprieve in Russia—but Not a Solution

WIRED Threat Level

The far-right platform still hasn't found a US-based home. Where it lands could have serious consequences for its users' privacy.

Privacy 145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

What is a DoS (Denial-of-Service) Attack?

IT Governance

Denial-of-service (DoS) attacks are intended to shut down or severely disrupt an organisation’s systems. Unlike most cyber attacks, the goal isn’t to steal sensitive information but to frustrate the victim by knocking their website offline.

Risk 105
article thumbnail

New Charges Derail COVID Release for Hacker Who Aided ISIS

Krebs on Security

A hacker serving a 20-year sentence for stealing personal data on 1,300 U.S. military and government employees and giving it to an Islamic State hacker group in 2015 has been charged once again with fraud and identity theft. The new charges have derailed plans to deport him under compassionate release because of the COVID-19 pandemic. Ardit Ferizi , a 25-year-old citizen of Kosovo, was slated to be sent home earlier this month after a federal judge signed an order commuting his sentence to time

Military 343
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Texas Medical Center Breach Affects 640,000

Data Breach Today

Apparent Ransomware Attack Exposed Patient Information An apparent ransomware incident at a Texas healthcare organization has potentially compromised the protected health information of more than 640,000 individuals.

More Trending

article thumbnail

Abusing Windows RDP servers to amplify DDoS attacks

Security Affairs

Threat actors are abusing Windows Remote Desktop Protocol (RDP) servers to amplify Distributed Denial of Service (DDoS) attacks. Attackers are abusing Windows Remote Desktop Protocol (RDP) servers to amplify Distributed Denial of Service (DDoS) attacks. The Microsoft Remote Desktop Protocol (RDP) is a built-in service in Microsoft Windows operating systems that provides authenticated remote virtual desktop infrastructure (VDI) access to Windows-based workstations and servers.

Access 145
article thumbnail

Joker’s Stash Carding Market to Call it Quits

Krebs on Security

Joker’s Stash , by some accounts the largest underground shop for selling stolen credit card and identity data, says it’s closing up shop effective mid-February 2021. The announcement came on the heels of a turbulent year for the major cybercrime store, and just weeks after U.S. and European authorities seized a number of its servers. A farewell message posted by Joker’s Stash admin on Jan. 15, 2021.

Marketing 277
article thumbnail

Fueled by Profits, Ransomware Persists in New Year

Data Breach Today

Increasing Ransomware Varieties and Attack Volume Look Set to Continue, Experts Warn Ransomware dominated the cybercrime landscape in 2020 and looks set to do so again this year, as criminals seek fresh new ways to make victims pay. Experts predict gangs will double down on whatever works, which lately includes data exfiltration.

article thumbnail

Four Steps to Support Compliant Data Transfers Without Privacy Shield

AIIM

The recent Court of Justice of the European Union (CJEU) Schrems II ruling, which invalidated the longstanding U.S.-EU Privacy Shield framework, has created a wave of uncertainty for the legal industry. Ever since the U.S.-EU Safe Harbor framework was retired in 2015 as a result of Schrems I , lawyers have faced challenges in ensuring the legality of transferring data between the EU and U.S. in multi-national litigation and investigations.

Privacy 163
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

A Site Published Every Face From Parler's Capitol Riot Videos

WIRED Threat Level

Faces of the Riot used open source software to detect, extract, and deduplicate every face from the 827 videos taken from the insurrection on January 6.

Privacy 145
article thumbnail

Passwords stolen via phishing campaign available through Google search

Security Affairs

Bad ops of operators of a phishing campaign exposed credentials stolen in attacks and made them publicly available through Google queries. . Check Point Research along with experts from cybersecurity firm Otorio shared details on their investigation into a large-scale phishing campaign that targeted thousands of global organizations. The campaign has been active since August, the attackers used emails that masqueraded as Xerox scan notifications that were urging recipients into opening a malici

Phishing 145
article thumbnail

President Biden Orders SolarWinds Intelligence Assessment

Data Breach Today

New Administration Signals Importance of Cybersecurity to National Security Agenda The new Biden administration has pledged to hold Russia accountable for its recent "reckless and adversarial" actions and has ordered a full-scale intelligence review of the SolarWinds hack. The moves signal the importance of cybersecurity to President Biden's national security agenda.

article thumbnail

The IoT Cybersecurity Act of 2020: Implications for Devices

eSecurity Planet

A universe of devices and technology has fallen into our laps at a speed that organizations struggle to manage effectively. And that boom in devices shows no signs of stopping. In 2019, there were an estimated 9.9 billion Internet of Things (IoT) devices. By 2025, we expect 21.5 billion. As more information about IoT device vulnerabilities is published, the pressure on industry and government authorities to enhance security standards might be reaching a tipping point.

IoT 145
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

The FBI Has Made Over 100 Arrests Related to the Capitol Riot

WIRED Threat Level

Plus: A dark web takedown, a bitcoin scam, and more of the week's top security news.

Security 144
article thumbnail

Raindrop, a fourth malware employed in SolarWinds attacks

Security Affairs

The threat actors behind the SolarWinds attack used malware dubbed Raindrop for lateral movement and deploying additional payloads. Security experts from Symantec revealed that threat actors behind the SolarWinds supply chain attack leveraged a malware named Raindrop for lateral movement and deploying additional payloads. Raindrop is the fourth malware that was discovered investigating the SolarWinds attack after the SUNSPOT backdoor, the Sunburst / Solorigate backdoor and the Teardrop tool. .

article thumbnail

Biden Fills 3 Cybersecurity Positions

Data Breach Today

Senior Director for Cyber and Others Announced President Joe Biden's cybersecurity team is beginning to take shape, with three appointments recently announced, including Michael Sulmeyer as senior director for cyber.

article thumbnail

4 Intriguing Email Attacks Detected by AI in 2020

Dark Reading

Here's to the sneakiest of the sneaky. These clever phishing messages -- that standard validation measures often missed -- deserve proper dishonor.

Phishing 144
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Trump’s Worst, Most Bizarre Statements About ‘the Cyber’

WIRED Threat Level

Over the course of his presidency, he managed to be consistently wrong, outrageous, and dangerous in equal measure. We look back at his most notorious remarks.

Security 142
article thumbnail

Two kids found a screensaver bypass in Linux Mint

Security Affairs

The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass the OS screensaver. The maintainers of the Linux Mint project have addressed a security bug that could have allowed attackers to bypass the OS screensaver. The curious aspect of this vulnerability is related to its discovery, in fact, it was found by too children that were playing on their dad’s computer.

Security 145
article thumbnail

Microsoft Describes How SolarWinds Hackers Avoided Detection

Data Breach Today

Attackers Went to Great Lengths to Separate the Backdoor From Loader Microsoft researchers are offering fresh details on the SolarWinds hackers' extensive efforts to remain hidden, which gave them more time to fully penetrate systems, move laterally through networks and exfiltrate data in follow-on attacks.

338
338
article thumbnail

Critical Cisco SD-WAN Bugs Allow RCE Attacks

Threatpost

Cisco is stoppering critical holes in its SD-WAN solutions and its smart software manager satellite.

IT 139
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

UK Case Tests the Territorial Application of the GDPR to U.S. Run Website

Hunton Privacy

The recent UK case of Soriano v Forensic News and Others tested the territorial reach of the General Data Protection Regulation (“GDPR”) and represents the first UK judgment dealing with the territorial scope of the GDPR. This was a “service out” case, where the claimant, Walter T. Soriano, sought the Court’s permission under the UK Civil Procedure Rules to serve proceedings on the defendants, who were all domiciled in the U.S.

GDPR 137
article thumbnail

KindleDrip exploit – Hacking a Kindle device with a simple email

Security Affairs

KindleDrip : Amazon addressed a number of flaws affecting the Kindle e-reader that could have allowed an attacker to take control of victims’ devices. Security experts at Realmode Labs discovered multiple vulnerabilities in the Kindle e-reader that could have allowed an attacker to take over victims’ devices. The researchers noticed that the “Send to Kindle” feature allows Kindle users to send e-books to their devices as email attachments, a behavior that could be potentially explo

article thumbnail

Chinese Hacking Group Targets Airlines, Semiconductor Firms

Data Breach Today

'Chimera' Exfiltrates Intellectual Property, Personal Data A hacking group with apparent ties to China is targeting airlines and semiconductor firms to steal intellectual property and personal data in repeated exfiltration efforts, according to the NCC Group.

article thumbnail

ADT Tech Hacks Home-Security Cameras to Spy on Women

Threatpost

A former ADT employee pleads guilty of accessing customers’ cameras so he could spy on them.

Security 136
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

The SolarWinds Hackers Used Tactics Other Groups Will Copy

WIRED Threat Level

The supply chain threat was just the beginning.

Security 136
article thumbnail

FreakOut botnet target 3 recent flaws to compromise Linux devices

Security Affairs

Security researchers uncovered a series of attacks conducted by the FreakOut botnet that leveraged recently discovered vulnerabilities. Security researchers from Check Point have uncovered a series of attacks associated with the FreakOut botnet that is targeting multiple unpatched flaws in applications running on top of Linux systems. The botnet appeared in the threat landscape in November 2020, in some cases the attacks leveraged recently disclosed vulnerabilities to inject OS commands.

Mining 145
article thumbnail

'FreakOut' Botnet Targets Unpatched Linux Systems

Data Breach Today

Researchers Says Malicious Network Could Be Used to Launch DDoS Attacks Researchers at Check Point Research are tracking a new botnet dubbed "FreakOut" that's targeting vulnerabilities in Linux systems. The malware is creating a malicious network that has the potential to launch DDoS attacks.

336
336