Sat.Nov 20, 2021 - Fri.Nov 26, 2021

article thumbnail

Arrest in ‘Ransom Your Employer’ Email Scheme

Krebs on Security

In August, KrebsOnSecurity warned that scammers were contacting people and asking them to unleash ransomware inside their employer’s network, in exchange for a percentage of any ransom amount paid by the victim company. This week, authorities in Nigeria arrested a suspect in connection with the scheme — a young man who said he was trying to save up money to help fund a new social network.

article thumbnail

GUEST ESSAY: Until we eliminate passwords, follow these 4 sure steps to password hygiene

The Last Watchdog

More Americans than ever are working remotely and seeking out entertainment online, and this increase of internet activity has fueled a dramatic spike in cybercrime. With so much critical data now stored in the cloud, how can people protect their accounts? Related: Training human sensors. Until biometrics or a quantum solution change our everyday approach to encryption, passwords remain our first line of defense against data breaches, hackers, and thieves.

Passwords 244
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Experts found 11 malicious Python packages in the PyPI repository

Security Affairs

Researchers discovered 11 malicious Python packages in the PyPI repository that can steal Discord access tokens, passwords, and conduct attacks. JFrog researchers have discovered 11 malicious Python packages in the Python Package Index (PyPI) repository that can steal Discord access tokens, passwords, and even carry out dependency confusion attacks.

article thumbnail

How to Get Executive Support for Your Next Information Governance Initiative

AIIM

Back in 2017, I called up a few of the information governance friends I’d made through the AIIM Community to better understand the challenges they were up against. As we engaged in a bit of Socratic dialogue, it became clear to us all that the perceived role of information governance had to shift from a singular focus on risk and cost reduction. If they don't, they will NEVER change the status of information management within their organizations.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

How Threat Actors Get Into OT Systems

Dark Reading

The convergence and integration of OT and IT has resulted in a growing number of cyber-risks for critical infrastructure. Here are some of the ways attackers are targeting operational technology systems.

Risk 139

More Trending

article thumbnail

New Linux CronRAT hides in cron jobs to evade detection in Magecart attacks

Security Affairs

Security researchers discovered a new Linux RAT, tracked as CronRAT, that hides in scheduled cron jobs to avoid detection. Security researchers from Sansec have discovered a new Linux remote access trojan (RAT), tracked as CronRAT, that hides in the Linux task scheduling system (cron) on February 31st. Threat actors hides the malware in the task names, then the malicious code is constructed using several layers of compression and base64 decoding.

article thumbnail

Top 5 Cloud security challenges, risks and threats

IT Governance

Cloud services are an integral part of modern business. They provide a cost-effective way to store data; and with the rise in hybrid workforces, they deliver a reliable way for employees to access information remotely. But as is often the case with technological solutions, the benefits of convenience comes with security risks. In this blog, we look at the top five Cloud security challenges that organisations face, and provide tips on how to overcome them. 1.

Cloud 129
article thumbnail

Why e-Invoicing has become a global superhero

OpenText Information Management

Who’d have thought the humble invoice was a superhero? Yet, slip a digital cloak on it and it becomes the scourge of tax fraud. Governments worldwide have recognized this; today there are more than 50 e-Invoicing mandates worldwide, and many more coming into force over the next few years. The day is fast approaching when, … The post Why e-Invoicing has become a global superhero appeared first on OpenText Blogs.

article thumbnail

The EDPB Issues Guidelines Clarifying What Constitutes an International Data Transfer Under the GDPR

Hunton Privacy

On November 19, 2021, the European Data Protection Board (“EDPB”) published its draft Guidelines 05/2021 (the “Guidelines”) on the interplay between the application of Article 3 of the EU General Data Protection Regulation (“GDPR”), which sets forth the GDPR’s territorial scope, and the GDPR’s provisions on international data transfers. The Guidelines aim to assist organizations subject to the GDPR in identifying whether a data processing activity constitutes an international data transfer under

GDPR 125
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Exclusive: Resecurity discovered 0-day vulnerability in TP-Link Wi-Fi 6 devices

Security Affairs

Resecurity researchers found a zero-day vulnerability in the TP-Link enterprise device with model number TL-XVR1800L. Resecurity, a Los Angeles-based cybersecurity company has identified an active a zero-day vulnerability in the TP-Link device with model number TL-XVR1800L (Enterprise AX1800 Dual Band Gigabit Wi-Fi 6 Wireless VPN Router), which is primarily suited to enterprises.

IoT 145
article thumbnail

Apple Sues NSO Group

Schneier on Security

Piling more on NSO Group’s legal troubles, Apple is suing it : The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices. NSO Group’s Pegasus spyware is favored by totalitarian governments around the world, who use it to hack Apple phones and computers.

article thumbnail

MITRE Expands Security Testing to Services, Deception Tools & More

eSecurity Planet

MITRE is moving beyond its well-regarded endpoint security evaluations and will soon be testing other security services and products. MITRE recently issued a call for participation for ATT&CK Evaluations for Managed Services , designed to reveal how managed security service providers (MSSPs) and managed detection and response (MDR) respond to adversarial attacks.

Security 127
article thumbnail

The ISO 20022 Countdown Begins: How Should You Prepare?

OpenText Information Management

ISO 20022 is one of the hottest topics in the financial industry but what is it, what are the benefits and challenges, and how should you take action? Understanding ISO 20022 In the absence of a global financial messaging standard, it seems as if everyone has developed their own unique message type to transmit payment information. As more message types invade the marketplace, the need for a widely used, financial messaging standard has become apparent.

IT 123
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Android.Cynos.7.origin trojan infected +9 million Android devices

Security Affairs

Researchers spotted dozens of games on Huawei’s AppGallery catalog containing the Android.Cynos.7.origin trojan. Researchers from Dr. Web AV discovered 190 games on Huawei’s AppGallery catalog (i.e. simulators, platformers, arcades, strategies, and shooters) that were containing the Android.Cynos.7.origin trojan. They estimated that the malicious apps were installed on at least 9.300.00 Android devices.

Metadata 145
article thumbnail

GoDaddy’s Latest Breach Affects 1.2M Customers

Threatpost

The kingpin domain registrar has logged its fifth cyber-incident since 2018, after an attacker with a compromised password stole email addresses, SSH keys and database logins.

Passwords 120
article thumbnail

Top 3 Black Friday scams to avoid in 2021

IT Governance

Amid the mad dash for bargains and inevitable stories of shop-floor brawls, Black Friday brings with it a spike in cyber security threats – and it’s easy to see why. Despite being an American import, Black Friday is hugely popular in the UK. According to the price comparison site Finder , Brits are set to spend £4.8 billion between Black Friday and Cyber Monday, with the average consumer forking out £275.

Phishing 119
article thumbnail

Why the 'Basement Hacker' Stereotype Is Wrong — and Dangerous

Dark Reading

It engenders a false sense of superiority that spurs complacency among risk managers and executives, who in turn may underinvest in security teams, rely too much on automation, or both.

Risk 114
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

New Memento ransomware uses password-protected WinRAR archives to block access to the files

Security Affairs

Memento ransomware group locks files inside WinRAR password-protected archives after having observed that its encryption process is blocked by security firms. In October, Sophos researchers have spotted the Memento ransomware that adopts a curious approach to block access to victims’ files. The ransomware copies files into password-protected WinRAR archives, it uses a renamed freeware version of the legitimate file utility WinRAR.

Archiving 145
article thumbnail

GoDaddy Breach Widens to Include Reseller Subsidiaries

Threatpost

Customers of several brands that resell GoDaddy Managed WordPress have also been caught up in the big breach, in which millions of emails, passwords and more were stolen.

Passwords 116
article thumbnail

Flurry of activity in the Privacy Act review, including tougher penalties and new online privacy framework

Data Protection Report

This article was co-authored with India Bennett. After months of anticipation regarding the ongoing review of the Privacy Act 1988 (Cth), the Federal Government has galvanized the Australian privacy landscape with two significant developments. Firstly, the Government has released a discussion paper about the reform of the Privacy Act. The discussion paper considers stakeholder feedback on the issues paper released in October 2020 and seeks further feedback on potential changes to the Pri

Privacy 111
article thumbnail

EDPB Releases Statement on the Digital Services Package and Data Strategy; Calls for Ban on Targeted Ads

Hunton Privacy

On November 18, 2021, the European Data Protection Board (“EDPB”) released a statement on the Digital Services Package and Data Strategy (the “Statement”). The Digital Services Package and Data Strategy is a package composed of several legislative proposals, including the Digital Services Act (“DSA”), the Digital Markets Act (“DMA”), the Data Governance Act (“DGA”), the Regulation on a European approach for Artificial Intelligence (“AIR”) and the upcoming Data Act (expected to be presented sho

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

U.S. banking regulators order banks to notify cybersecurity incidents in 36 hours

Security Affairs

U.S. banking regulators have approved a new rule that orders banks to notify federal regulators of significant cybersecurity incidents within 36 hours. U.S. banking regulators this week approved a rule that obliges banks to report any major cybersecurity incidents to the government within 36 hours of discovery. Major cybersecurity incidents are attacks that impact operations of the victims or the stability of the US financial sector.

article thumbnail

Common Cloud Misconfigurations Exploited in Minutes, Report

Threatpost

Opportunistic attackers instantly exploited insecurely exposed services deployed in honeypots by Unit 42 researchers, demonstrating the immediate danger of these typical mistakes.

Honeypots 108
article thumbnail

How Sun Tzu's Wisdom Can Rewrite the Rules of Cybersecurity

Dark Reading

The ancient Chinese military strategist Sun Tzu would agree: The best defense is to avoid an attack in the first place.

Military 134
article thumbnail

Coalition of State Attorneys General Investigating Instagram’s Effects on Children

Hunton Privacy

On November 18, 2021, a number of state attorneys general announced a joint investigation into whether Meta Platforms, Inc., has violated state consumer protection laws in connection with its promotion of Instagram to children and young adults. As part of the investigation, the attorneys general intend to look at potential harms to young users and the ways in which Instagram had designed its product features.

Risk 110
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Attackers compromise Microsoft Exchange servers to hijack internal email chains

Security Affairs

A malware campaign aimed at Microsoft Exchange servers exploits ProxyShell and ProxyLogon issues and uses stolen internal reply-chain emails. A malware campaign aimed at Microsoft Exchange servers exploits ProxyShell and ProxyLogon issues and uses stolen internal reply-chain emails to avoid detection. The campaign was uncovered by TrendMicro researchers that detailed the technique used to trick victims opening the malicious email used as the attack vector.

Security 144
article thumbnail

HONG KONG: New anti-doxxing provisions now in force

DLA Piper Privacy Matters

With the coming into effect of the Personal Data (Privacy) (Amendment) Ordinance 2021 (“ Amendment Ordinance ”) on 8 October 2021, a new anti-doxxing law is now in force in Hong Kong. The below sets out a summary of the key aspects of the anti-doxxing law: New offences of doxxing; new penalties. The Amendment Ordinance introduces two new offences of doxxing and corresponding penalties.

article thumbnail

9.3M+ Androids Running ‘Malicious’ Games from Huawei AppGallery

Threatpost

A new trojan called Android.Cynos.7.origin, designed to collect Android users’ device data and phone numbers, was found in 190 games installed on over 9M Android devices.

Security 106