Trending Articles

article thumbnail

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Krebs on Security

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams , Adobe Reader , Mozilla Thunderbird , and Discord.

article thumbnail

Data Breach Toll Tied to Clop Group's MOVEit Attacks Surges

Data Breach Today

2,050 Organizations Affected After Data Stolen From Secure File-Sharing Software The count of organizations affected by the Clop ransomware group's most recent mass targeting of Progress Software's secure file transfer software doubled last week. National Student Clearinghouse warned that data tied to nearly 900 colleges and universities had been stolen from its MOVEit server.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

LastPass: ‘Horse Gone Barn Bolted’ is Strong Password

Krebs on Security

The password manager service LastPass is now forcing some of its users to pick longer master passwords. LastPass says the changes are needed to ensure all customers are protected by their latest security improvements. But critics say the move is little more than a public relations stunt that will do nothing to help countless early adopters whose password vaults were exposed in a 2022 breach at LastPass.

Passwords 304
article thumbnail

GUEST ESSAY: Caring criminals — why some ransomware gangs now avoid targeting hospitals

The Last Watchdog

Ransomware is a significant threat to businesses worldwide. There are many gangs that work together to orchestrate increasingly damaging attacks. However, some of these groups follow codes of conduct that prevent them from purposefully targeting hospitals. Related: How Putin has weaponized ransomware In mid-March 2020, representatives from the cybersecurity website BleepingComputer contacted numerous ransomware gangs to ask if they’d continue targeting hospitals during the unprecedented COVID-19

article thumbnail

Customer Experience Management: Optimizing Your Strategy for Financial Success

Speaker: Diane Magers, Founder and Chief Experience Officer at Experience Catalysts

In the world of business, connecting the dots from experience to financial impact is an essential skill. Transforming customer engagement, Voice of Customer (VoC) insights, and Journey Maps into tangible financial outcomes poses a significant challenge for most organizations. To gain buy-in from the C-Suite and key stakeholders, it’s crucial to illustrate how Experience Management translates into clear, measurable business results.

article thumbnail

Amidst MGM, Caesar's Incidents, Attackers Focus on Luxury Hotels

Dark Reading

A fast-growing cyber campaign solely takes aim at luxury hotel and resort chains, using security-disruptive tactics to spread info-stealing malware.

Security 134

More Trending

article thumbnail

Deadglyph Backdoor Targeting Middle Eastern Government

Data Breach Today

Backdoor Is Associated With Stealth Falcon APT Group Security researchers discovered a novel backdoor targeting a governmental agency in the Middle East for espionage purposes. Deadglyph is unique because it's made up of different parts written in different programming languages: native x64 binary and a.NET assembly.

article thumbnail

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

The Last Watchdog

If you’re a small business looking for the secret sauce to cybersecurity, the secret is out: start with a cybersecurity policy and make the commitment to security a business-wide priority. Related: SMBs too often pay ransom Small businesses, including nonprofit organizations, are not immune to cyberattacks. The average cost of a cybersecurity breach was $4.45 million in 2023, according to IBM’s Cost of a Data Breach Report, and over 700,000 small businesses were targeted in cybersecurity attacks

article thumbnail

MOVEit Flaw Leads to 900 University Data Breaches

Dark Reading

National Student Clearinghouse, a nonprofit serving thousands of universities with enrollment services, exposes more than 900 schools within its MOVEit environment.

article thumbnail

Signal Will Leave the UK Rather Than Add a Backdoor

Schneier on Security

Totally expected, but still good to hear : Onstage at TechCrunch Disrupt 2023, Meredith Whittaker, the president of the Signal Foundation, which maintains the nonprofit Signal messaging app, reaffirmed that Signal would leave the U.K. if the country’s recently passed Online Safety Bill forced Signal to build “backdoors” into its end-to-end encryption. “We would leave the U.K. or any jurisdiction if it came down to the choice between backdooring our encryption and betrayin

article thumbnail

How to Stay Competitive in the Evolving State of Martech

Marketing technology is essential for B2B marketers to stay competitive in a rapidly changing digital landscape — and with 53% of marketers experiencing legacy technology issues and limitations, they’re researching innovations to expand and refine their technology stacks. To help practitioners keep up with the rapidly evolving martech landscape, this special report will discuss: How practitioners are integrating technologies and systems to encourage information-sharing between departments and pr

article thumbnail

CommonSpirit Details Financial Fallout of $160M Cyberattack

Data Breach Today

No Word Yet on Hospital Chain's Cyber Insurance Claim, Multiple Lawsuits Pending Chicago-based CommonSpirit is still waiting to hear back on its insurance claim for an October 2022 ransomware attack, but the hospital chain said disruption of some facilities and "significantly" hampered billing and collection activities contributed to a $1.4 billion operating loss for the year.

article thumbnail

Apple rolled out emergency updates to address 3 new actively exploited zero-day flaws

Security Affairs

Apple released emergency security updates to address three new actively exploited zero-day vulnerabilities. Apple released emergency security updates to address three new zero-day vulnerabilities (CVE-2023-41993, CVE-2023-41991, CVE-2023-41992) that have been exploited in attacks in the wild. The three flaws were discovered by Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat Analysis Group.

Security 133
article thumbnail

BREAKING NEWS Q&A: What Cisco’s $28 billion buyout of Splunk foretells about cybersecurity

The Last Watchdog

There’s a tiny bit more to Cisco’s acquisition of Splunk than just a lumbering hardware giant striving to secure a firmer foothold in the software business. Related: Why ‘observability’ is rising to the fo re Cisco CEO Chuck Robbins has laid down a $28 billion bet that he’ll be able to overcome challenges Cisco is facing as its networking equipment business slows, beset by supply chain issues and reduced demand, post Covid 19.

article thumbnail

Proactive Security: What It Means for Enterprise Security Strategy

Dark Reading

Proactive Security holds the elusive promise of helping enterprises finally get ahead of threats, but CISOs must come to grips with the technological and philosophical change that it brings.

Security 116
article thumbnail

The Essential Guide to Analytic Applications

Embedding dashboards, reports and analytics in your application presents unique opportunities and poses unique challenges. We interviewed 16 experts across business intelligence, UI/UX, security and more to find out what it takes to build an application with analytics at its core. No matter where you are in your analytics journey, you will learn about emerging trends and gather best practices from product experts.

article thumbnail

New EU FIDA Proposal: How Does This Affect GDPR?

Data Matters

The European Commission issued the Financial Data Access Act (FIDA) proposal in June this year. FIDA will create a legislative framework that aims to "bring payments and the wider financial sector into the digital age" by facilitating the sharing of and access to customer financial data (whether of businesses or consumers). The post New EU FIDA Proposal: How Does This Affect GDPR?

GDPR 142
article thumbnail

Apple Fixes Bugs That Infected Egyptian Politician's iPhone

Data Breach Today

Cytrox's Predator Found on Device of Ahmed Eltantawy Apple released patches Thursday to close three actively exploited vulnerabilities that researchers say commercial spyware maker Cytrox used to infect the iPhone of Egyptian politician Ahmed Eltantawy with Predator malware. The Citizen Lab attributes the attacks to the Egyptian government.

article thumbnail

Deadglyph, a very sophisticated and unknown backdoor targets the Middle East

Security Affairs

Researchers discovered a previously undocumented sophisticated backdoor, named Deadglyph, used by the Stealth Falcon group for espionage in the Middle East ESET researchers discovered a very sophisticated and unknown backdoor, named Deadglyph, employed by the Stealth Falcon group for espionage in the Middle East. Stealth Falcon is a nation-state actor active since at least 2012, the group targeted political activists and journalists in the Middle East in past campaigns.

article thumbnail

Black Hat Fireside Chat: Flexxon introduces hardened SSD drives as a last line defense

The Last Watchdog

Creating ever smarter security software to defend embattled company networks pretty much sums up the cybersecurity industry. Related: The security role of semiconductors Cutting against the grain, Flexxon , a Singapore-based supplier of NAND memory drives and storage devices, arrived at Black Hat USA 2023 calling for a distinctive hardware approach to repelling cyber attacks.

article thumbnail

1st, 2nd, and 3rd Party Intent Data: Which Is Right for You?

How do 1st, 2nd, and 3rd party intent data compare? 1st, 2nd, and 3rd party data each have specific advantages and disadvantages. It comes down to four factors: accuracy, cost, control and quantity. This infographic explains the pros and cons of each and helps you understand which one is best for meeting your business objectives. Intent data can be a great way to fill your pipeline and close more deals.

article thumbnail

MGM, Caesars Cyberattack Responses Required Brutal Choices

Dark Reading

Tens of millions in losses later, the MGM and Caesars systems are back online following dual cyberattacks by the same threat actor — here's what experts say about their incident responses.

131
131
article thumbnail

FTC Publishes Staff Paper on the Harm of Blurred Advertising

Hunton Privacy

On September 14, 2023, the Federal Trade Commission issued a press release announcing the publication of a staff paper about blurred advertising. In the staff paper, the FTC describes blurred advertising as the blending of ads with digital media content ( e.g., displaying ads within online games and virtual reality worlds). The FTC warns that these ads are not readily identifiable as marketing by consumers and pose a significant threat to young children who do not have the skills or cognitive de

Paper 108
article thumbnail

How to Overcome Practitioner Concerns Over Cisco-Splunk Deal

Data Breach Today

Forrester's Allie Mellen on Issues Posed by Cisco's M&A Track Record, Splunk's Cost Security practitioners are skeptical of Cisco's proposed $28 billion Splunk purchase given the networking giant's track record around funding and investing in previous acquisition targets. Forrester's Allie Mellen expects some customers to try out other SIEM tools given Cisco's heritage in hardware.

Security 277
article thumbnail

Xenomorph malware is back after months of hiatus and expands the list of targets

Security Affairs

A new campaign is spreading Xenomorph malware to Android users in the United States, Spain, Portugal, Italy, Canada, and Belgium. Researchers from ThreatFabric uncovered a new campaign spreading Xenomorph malware to Android users in the United States and all over the world. In February 2022, researchers from ThreatFabric first spotted the Xenomorph malware, which was distributed via the official Google Play Store reaching over 50,000 installations.

Phishing 110
article thumbnail

10 Rules for Managing PostgreSQL®

PostgreSQL is a highly versatile and robust technology, capable of addressing a wide range of challenges in diverse environments. Its expanding range of use cases is witnessing exponential growth, allowing PostgreSQL to effectively target an ever-increasing number of applications while minimizing limitations. This whitepaper presents ten indispensable rules that will empower you to optimize your PostgreSQL installation and stay ahead of the evolving landscape.

article thumbnail

Congratulations to our Jammies Awards Winners

Jamf

Congratulations to the winners of the 2023 Jammies Awards, the customer appreciation awards celebrating those who exemplify Jamf values and innovative usage of Jamf solutions.

111
111
article thumbnail

Fake WinRAR PoC Exploit Conceals VenomRAT Malware

Dark Reading

A supposed exploit for a notable RCE vulnerability in the popular Windows file-archiving utility delivers a big sting for unwitting researchers and cybercriminals.

Archiving 135
article thumbnail

Cybercriminals Use Google Looker Studio to Host Crypto Scam to Steal Money and Credentials

KnowBe4

Security researchers at Check Point have discovered yet another attack that leverages legitimate web applications to host attacks in order to bypass security scanners.

Security 110
article thumbnail

CyberArk, BeyondTrust, Delinea Dominate Gartner MQ for PAM

Data Breach Today

One Identity, Wallix, Arcon Exit Leaders Space as Privileged Access Market Matures CyberArk, BeyondTrust and Delinea maintained their spots atop Gartner's privileged access management Magic Quadrant, while One Identity, Wallix and Arcon fell from the leader ranks. Over the past half-decade, PAM has gone from being required for large companies to being an insurance prerequisite.

Insurance 263
article thumbnail

How to Create Unique Customer Journeys to Optimize Business Outcomes

Speaker: Shawn Phillips, CCXP, Head of Growth and Innovation

A one-size-fits-all approach is a great approach – if it’s 2010. With the growth of AI, customers expect – and often demand – a customer journey based on their unique needs and history with your brand. Advanced platforms enable you to move beyond simple personalization or mass customization to create truly unique customer journeys that optimize outcomes for both your customers and your brand.

article thumbnail

Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions

Security Affairs

Pro-Russia hacker group NoName is suspected to have launched a cyberattack that caused border checkpoint outages at several Canadian airports. A massive DDoS cyber attack, likely carried out by Pro-Russia hacker group NoName , severely impacted operations at several Canadian airports last week, reported Recorded Future News. Canada Border Services Agency (CBSA) was able to mitigate the attack after a few hours.

article thumbnail

Risk of a US Government Shutdown Is Fueled by Very Online Republicans

WIRED Threat Level

Egged on by a far-reaching conservative media ecosystem, right-wing hardliners are forcing Washington to bend to their reality as the federal government careens toward a possible shutdown.

article thumbnail

BBTok Banking Trojan Impersonates 40+ Banks to Hijack Victim Accounts

Dark Reading

Attackers use convincing fake website interfaces and sophisticated geo-fencing to target users exclusively in Mexico and Brazil with a new variant of the malware.

132
132