Krebs on Security

JUNE 22, 2023

The United Parcel Service (UPS) says fraudsters have been harvesting phone numbers and other information from its online shipment tracking tool in Canada to send highly targeted SMS phishing (a.k.a. “smishing”) messages that spoofed UPS and other top brands. The missives addressed recipients by name, included details about recent orders, and warned that those orders wouldn’t be shipped unless the customer paid an added delivery fee.

Phishing 265

Phishing Retail IT Communications 265

Data Breach Today

JUNE 22, 2023

French Regulator Fines Criteo for Website Cookie Tracking Tools The top French privacy regulator has imposed a fine of 40 million euros against a Parisian advertising technology company for its use of website tracking cookies and failure to process users' personal data in compliance with privacy laws under the General Data Protection Regulation.

GDPR 246

GDPR Personal data Privacy Compliance 246

The Last Watchdog

JUNE 22, 2023

Eden Prairie, Minn., June 22, 2023 — Malicious emails have reached a crescendo in 2023 according to the latest report from cybersecurity software and services provider Fortra. Email impersonation threats such as BEC currently make up nearly 99 percent of threats, and of those 99 percent of threats observed in corporate inboxes are response-based or credential theft attacks.

Phishing 100

Phishing Security awareness Cybersecurity Security 100

Data Breach Today

JUNE 22, 2023

Also: MOVEit Attackers Target Pensioners, UPS Canada Discloses Data Breach Every week, ISMG rounds up cybersecurity incidents around the world. This week, attackers hit European Investment Bank; a California pensioners' fund suffered a cyberattack related to MOVEit; UPS Canada disclosed a data breach; and a new Android malware campaign spread GravityRAT spyware.

Data breaches 237

Data breaches Cybersecurity 237

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Dark Reading

JUNE 22, 2023

Under construction: The world's leading ransomware gang is workshopping ransomware for less obvious systems beyond Windows environments. Experts weigh in on how worried we should be.

Ransomware 110

Ransomware 110

Dark Reading

JUNE 22, 2023

The "nOAuth" attack allows cross-platform spoofing and full account takeovers, and enterprises need to remediate the issue immediately, researchers warn.

Authentication 107

Authentication 107

Data Breach Today

JUNE 22, 2023

Bugs Exploited to Install Spyware and Remotely Execute Code in Some Cases Apple has fixed multiple zero-days that were actively being exploited since 2019 and infect several iOS devices with a spyware implant dubbed TriangleDB via zero-click iMessage exploits. The tech giant said the vulnerabilities actively exploited iOS versions released before iOS 15.7.

201

201

Jamf

JUNE 22, 2023

This year’s Jamf Nation Live series was a particularly poignant one. In addition to announcing new exciting features, capabilities and partnerships hot off the heels of WWDC, we said goodbye to a much-beloved CEO and re-introduced our new leader to Jamf Nation!

98

98

Data Breach Today

JUNE 22, 2023

Geller Replaces Michael DeCesare, Who Seeks to 'Balance Health and Lifestyle' Exabeam will have its third CEO since June 2021 after promoting Chief Product Officer Adam Geller to take over as its top leader. The security operations vendor elevated Geller to replace Michael DeCesare, 57, who joined Exabeam as president and CEO two years ago after leading Forescout for years.

Security 144

Security IT 144

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

IT Governance

JUNE 22, 2023

More than 100,000 ChatGPT users have had their data stolen in malware attacks over the past year, according to research into dark web transactions. The cyber intelligence firm Group-IB discovered the compromised data within the logs of info-stealing malware traded on various underground websites. Info-stealers are a form of malware that target account data stored on web browsers.

Passwords 98

Passwords Data breaches Risk Government 98

Data Breach Today

JUNE 22, 2023

CISO Marco Túlio Moraes on How to Guide the Cyber Agenda at Organizations The first step in managing risk is recognizing it as a boardroom matter, and it demands that directors be prepared to understand and discuss the cyber issue and strategically guide C-level executives on this complex topic. It requires cyber competence in the boardroom, said CISO Marco Túlio Moraes.

Risk 144

Risk IT 144

Security Affairs

JUNE 22, 2023

The proof-of-concept (PoC) exploit code for high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure was published online. A security researcher has published a proof-of-concept (PoC) exploit code for the high-severity vulnerability, tracked as CVE-2023-20178 (CVSS score of 7.8), impacting Cisco AnyConnect Secure Mobility Client and Secure Client for Windows.

Security 98

Security Authentication Access IT 98

Data Breach Today

JUNE 22, 2023

Proposed Class Action Filed Against Intellihartx in Wake of Fortra GoAnywhere Hack A proposed federal class action lawsuit alleges that patient debt collection software firm Intellihartx was negligent in its handling of third-party risk, contributing to a breach affecting nearly 490,000 individuals and involving a recent hack on its file transfer software vendor Fortra.

Risk 130

Risk Data breaches IT 130

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Security Affairs

JUNE 22, 2023

Since March 2023, Unit 42 researchers have observed a variant of the Mirai botnet spreading by targeting tens of flaws in D-Link, Zyxel, and Netgear devices. Since March 2023, researchers at Palo Alto Networks Unit 42 have observed a new variant of the Mirai botnet targeting multiple vulnerabilities in popular IoT devices. Below is the list of the targeted vulnerabilities: CVE/Product Description CVE-2019-12725 Zeroshell Remote Command Execution Vulnerability CVE-2019-17621 D-Link DIR-859 Remote

IoT 97

IoT Encryption Access Security 97

Data Breach Today

JUNE 22, 2023

Also: Binance's Global Regulatory Woes, Trial of Mango Market Hacker Every week, ISMG rounds up cybersecurity incidents in the world of digital assets. This week: Sam Bankman-Fried is set to face two criminal trials instead of one, Binance is sinking deeper into regulatory quicksand, and the Mango Markets hacker is expected to be tried on Dec. 4.

Marketing 130

Marketing Cybersecurity 130

Security Affairs

JUNE 22, 2023

Researchers reported that millions of GitHub repositories are likely vulnerable to an attack called RepoJacking. A study conducted by Aqua researchers revealed that millions of GitHub repositories are potentially vulnerable to RepoJacking. In the RepoJacking attack, attackers claim the old username of a repository after the legitimate creator changed the username, then publish a rogue repository with the same name to trick users into downloading its content.

IT 97

IT Risk Security Access 97

Dark Reading

JUNE 22, 2023

From hardening Windows systems to adding access control and segmenting the network, there are steps organizations can take to better secure corporate data.

Access 100

Access Security 100

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Security Affairs

JUNE 22, 2023

Apple rolled out security updates to address actively exploited zero-day flaws in iOS, iPadOS, macOS, watchOS, and Safari. Apple addressed a set of vulnerabilities in iOS, iPadOS, macOS, watchOS, and the Safari browser that were actively exploited in the wild. The IT giant addressed the zero-day vulnerabilities, tracked as CVE-2023-32434 and CVE-2023-32435 , exploited as part of the recently disclosed Operation Triangulation.

Security 96

Security IT Information Security 96

KnowBe4

JUNE 22, 2023

A threat actor tracked as “Muddled Libra” is using the 0ktapus phishing kit to gain initial access to organizations in the software automation, business process outsourcing, telecommunications, and technology industries, according to researchers at Palo Alto Networks’ Unit 42.

Phishing 91

Phishing Access 91

Security Affairs

JUNE 22, 2023

Norton parent firm, Gen Digital, was the victim of a ransomware attack that exploited the recently disclosed MOVEit zero-day vulnerability. Gen Digital Inc. (formerly Symantec Corporation and NortonLifeLock) is a multinational software company that provides cybersecurity software and services. The company owns multiple brands, including Norton, Avast, LifeLock, Avira, AVG, ReputationDefender, and CCleaner.

Ransomware 96

Ransomware Access Cybersecurity IT 96

Dark Reading

JUNE 22, 2023

The announcement was posted on Twitter via the Rewards for Justice Twitter account, alongside encrypted messaging system options for anyone to get into contact should they have viable information.

Ransomware 89

Ransomware Encryption 89

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

WIRED Threat Level

JUNE 22, 2023

Newly released documents highlight the bureau's continued secrecy around cell-site simulators—spying tech that everyone already assumes exists.

Privacy 91

Privacy Security 91

Dark Reading

JUNE 22, 2023

A ready-made, low-complexity path to pwning the popular enterprise VPN clients for remote workers is now circulating in the wild.

100

100

eSecurity Planet

JUNE 22, 2023

Dynamic Application Security Testing (DAST) combines elements of pentesting, vulnerability scanning and code security to evaluate the security of web applications. The cyber security team adopts the role of a simulated hacker and expertly scrutinizes the application’s defenses, thoroughly assessing its vulnerability to potential threats. By doing this, DAST helps determine how secure the web application is and pinpoint areas that need improvement.

Security 79

Security Risk Libraries IT 79

Dark Reading

JUNE 22, 2023

Compliance, seen as a burden for businesses, is being passed to overloaded IT departments — leaving organizations unsure if they're compliant at all.

Compliance 82

Compliance IT 82

Advertisement

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

IT

Thales Cloud Protection & Licensing

JUNE 22, 2023

How Thales and Red Hat Secure Kubernetes Data in a 5G World madhav Fri, 06/23/2023 - 05:03 The Mobile Network Operators (MNOs) that operate 5G mobile broadband networks face many challenges related to their highly distributed infrastructure. While Kubernetes presents a promising solution for addressing these challenges, MNOs need to mitigate the data security challenges that arise from using Kubernetes for 5G deployments.

Encryption 62

Encryption Security Cloud Access 62

Dark Reading

JUNE 22, 2023

Dark data may be your most elusive asset, but it can also be your most costly if you don't protect it.

Risk 99

Risk IT 99

Thales Cloud Protection & Licensing

JUNE 22, 2023

How Thales and Red Hat Secure Kubernetes Data in a 5G World madhav Fri, 06/23/2023 - 05:03 The Mobile Network Operators (MNOs) that operate 5G mobile broadband networks face many challenges related to their highly distributed infrastructure. While Kubernetes presents a promising solution for addressing these challenges, MNOs need to mitigate the data security challenges that arise from using Kubernetes for 5G deployments.

Encryption 62

Encryption Security Cloud Access 62