Sat.Jan 07, 2023 - Fri.Jan 13, 2023

article thumbnail

GUEST ESSAY: In pursuit of smarter cybersecurity — to overcome complex risks and grow revenue

The Last Watchdog

In golf there’s a popular saying: play the course, not your opponent. Related: How ‘CAASM’ closes gaps. In an enterprise, it’s the same rule. All areas of an organization need to be free to “play their own game.”. And when malware, ransomware, or other cyber threats get in the way, the focus shifts from forward progress to focused co-operation.

Risk 214
article thumbnail

Kubernetes-Related Security Projects to Watch in 2023

Dark Reading

Organizations must be vigilant about balancing performance gains with security, governance, and compliance as they expand their use of Kubernetes.

Security 120
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

4 Changing International Data Protection Laws to Watch

Data Breach Today

Organizations Need to Know How Privacy Laws Affect Compliance Demands

article thumbnail

Identity Thieves Bypassed Experian Security to View Credit Reports

Krebs on Security

Identity thieves have been exploiting a glaring security weakness in the website of Experian , one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history. But until the end of 2022, Experian’s website allowed anyone to bypass these questions and go straight to the consumer’s report.

Security 358
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

LockBit Ransomware Group Reportedly Behind Royal Mail Attack

Data Breach Today

Attack Is Disrupting International Mail Export Services The cyber incident at the Royal Mail that is impeding exports from the United Kingdom is reportedly a ransomware attack by the LockBit ransomware-as-a-service group. Britain's national postal service told customers Thursday not to post export items.

More Trending

article thumbnail

Attackers Are Already Exploiting ChatGPT to Write Malicious Code

Dark Reading

The AI-based chatbot is allowing bad actors with absolutely no coding experience to develop malware.

139
139
article thumbnail

Microsoft Patch Tuesday, January 2023 Edition

Krebs on Security

Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software. Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. National Security Agency , and a critical Microsoft SharePoint Server bug that allows a remote, unauthenticated attacker to make an anonymous connection.

article thumbnail

Patched Chromium Vulnerability Allowed File Theft

Data Breach Today

Bug Exploited Symbolic Links to Find a File Path to Sensitive Data A high-severity vulnerability patched by Google Chrome a few months ago allowed hackers to steal sensitive files such as crypto wallets. Hackers increasingly are targeting individuals and organizations that hold cryptocurrencies, writes Imperva security researcher Ron Masas, who discovered the flaw.

Security 312
article thumbnail

ChatGPT-Written Malware

Schneier on Security

I don’t know how much of a thing this will end up being, but we are seeing ChatGPT-written malware in the wild. …within a few weeks of ChatGPT going live, participants in cybercrime forums—­some with little or no coding experience­—were using it to write software and emails that could be used for espionage, ransomware, malicious spam, and other malicious tasks. “It’s still too early to decide whether or not ChatGPT capabilities will become the new favorite tool for

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Sneaky New Stealer Woos Corporate Workers Through Fake Zoom Downloads

Dark Reading

Rhadamanthys spreads through Google Ads that redirect to bogus download sites for popular workforce software — as well as through more typical malicious emails.

126
126
article thumbnail

Password Managers Can Be Hacked Lots of Ways and Yes, You Should Still Use Them

KnowBe4

The recent hack (at least 7 th ) of the LastPass password manager has lots of people wondering if they should use a password manager.

Passwords 124
article thumbnail

ChatGPT Showcases Promise of AI in Developing Malware

Data Breach Today

Check Point Spotted Hacking Forum Posters Probing AI Tool's Malware Capabilities Low-level hackers are probing the capacity of ChatGPT to generate scripts that could be used toward criminal ends, such as for stealing files or malicious encryption. One poster on a hacking forum described the process as writing pseudo-code. More sophisticated cases are likely a matter of time.

article thumbnail

Identifying People Using Cell Phone Location Data

Schneier on Security

The two people who shut down four Washington power stations in December were arrested. This is the interesting part: Investigators identified Greenwood and Crahan almost immediately after the attacks took place by using cell phone data that allegedly showed both men in the vicinity of all four substations, according to court documents. Nowadays, it seems like an obvious thing to do—although the search is probably unconstitutional.

Archiving 130
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Data Breaches and Cyber Attacks in 2022: 408 Million Breached Records

IT Governance

Welcome to our review of security incidents for 2022, in which we take a closer look at the information gathered in our monthly lists of data breaches and cyber attacks. Here, you’ll find an overview of the cyber security landscape in 2022, including the total number of publicly disclosed security incidents, the number of compromised records and the sectors most susceptible to data breaches.

article thumbnail

Malware Comes Standard With This Android TV Box on Amazon

Dark Reading

The bargain T95 Android TV device was delivered with preinstalled malware, adding to a trend of Droid devices coming out-of-the-box tainted.

121
121
article thumbnail

Twitter: Latest Dump Has 'Already Publicly Available' Data

Data Breach Today

Reports 'No Evidence' Twitter Flaw Exploited to Amass Latest Leaked Data on Users Twitter says a massive collection of purported user data being sold and then leaked via cybercrime markets was not amassed by exploiting a vulnerability in its systems but is instead "likely a collection of data already publicly available online through different sources.

Marketing 263
article thumbnail

Researchers’ Quantum Threat Debunked, RSA Safe for Now

eSecurity Planet

In a paper published late last month, 24 Chinese researchers suggested that RSA-2048 encryption could be broken using a quantum computer with 372 physical quantum bits. Cryptographer Bruce Schneier drew attention to the paper [PDF] last week in a blog post , noting that IBM recently announced a 433-qubit quantum computer, far exceeding the researchers’ stated requirements. “This is something to take seriously,” Schneier wrote. “It might not be correct, but it’s not

Paper 119
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Government Workers as Phishing Targets

KnowBe4

Government workers are prime targets for social engineering attacks, according to Kaitlyn Levinson at GCN. Attackers use different tactics to target government employees in specific roles. Levinson quotes Rita Reynolds, Chief Information Officer for the National Association of Counties, as saying that customer-facing county employees might be more likely to assume that requests are legitimate, since they deal with so many people each day.

article thumbnail

Norton LifeLock Warns on Password Manager Account Compromises

Dark Reading

Password manager accounts may have, ironically, been compromised via simple credential stuffing, thanks to password reuse.

Passwords 120
article thumbnail

Medical Imaging Firm Faces 2 Class Actions in 2022 Breach

Data Breach Today

Massachusetts Citizens Excluded From Feds' Case Against Shields Health Care Group Shields Health Care Group, a Massachusetts-based medical imaging services provider, is facing two class action lawsuits filed this week - a consolidated federal case and a similar, separate case filed in state court - both in the wake of the same 2022 data breach affecting 2 million individuals.

article thumbnail

Microsoft Patch Tuesday Fixes 11 Critical Vulnerabilities, One Zero-Day

eSecurity Planet

Microsoft’s first Patch Tuesday of 2023 addresses 98 vulnerabilities, more than twice as many as last month – including one zero-day flaw that’s being actively exploited, as well as 11 critical flaws. The zero-day, CVE-2023-21674 , is a Windows Advanced Local Procedure Call (ALPC) elevation of privilege vulnerability with a CVSS score of 8.8.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Top 10 network security best practices

OpenText Information Management

Network security is constantly evolving. To stay ahead of bad actors, follow these 10 best practices to reduce the risk of data compromise. 1. Review the basics As obvious as it sounds, it’s always good to start by auditing the basic security elements of your network: Are your facilities, servers and systems physically secure? Are … The post Top 10 network security best practices appeared first on OpenText Blogs.

Security 115
article thumbnail

$20K Buys Insider Access to Telegram Servers, Dark Web Ad Claims

Dark Reading

In the ad, cybercriminals are offering to sell employee-level access to Telegram, researchers warn.

Access 119
article thumbnail

Aflac, Zurich Policyholders in Japan Affected by Data Leaks

Data Breach Today

Subcontractor Server Hacked in Both Incidents Compromising Data of Millions Personal information for nearly 3.2 million Aflac cancer insurance and almost 760,000 Zurich Insurance auto insurance policy holders in Japan has been leaked on the dark web following hacks on a third-party contractor.

Insurance 245
article thumbnail

A Look Back On Five Key Developments in Cybersecurity and Data Protection in Southeast Asia in 2022

Data Protection Report

With the year 2022 firmly in the rear view, and as we look to start the new year in 2023, Norton Rose Fulbright’s Regulatory Compliance and Investigations team looks back and rounds up the five key cyber and data protection developments that took place in Southeast Asia in 2022. . Privacy developments in Singapore – enhanced financial penalties under Personal Data Protection Act 2012 (Singapore PDPA), Singapore Court of Appeal clarifies right to private action under PDPA and Singapore High Cou

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Experian Privacy Vulnerability

Schneier on Security

Brian Krebs is reporting on a vulnerability in Experian’s website: Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus. Normally, Experian requires that those seeking a copy of their credit report successfully answer several multiple choice questions about their financial history.

Privacy 112
article thumbnail

Cyberattack Cancels Classes for Des Moines Public Schools

Dark Reading

School to resume Thursday, Jan. 12, after Iowa school district detected unusual network activity and pulled the plug.

112
112
article thumbnail

French CNIL Fines TikTok 5 Million Euros for Cookie Policies

Data Breach Today

Agency Says the Company's Policies Violated National Data Protection Law TikTok must pay a fine of 5 million euros to the French government after the country's data protection agency said the short-form video app violated national privacy law restricting the monitoring of web browser activity. TikTok is at the center of a number of privacy controversies worldwide.

Privacy 238