Sat.Oct 29, 2022 - Fri.Nov 04, 2022

article thumbnail

North Korea Disguising Android Malware as Legitimate Apps

Data Breach Today

Apps Masquerade as Google Security Plug-In and Document Viewer North Korean state hacking group Kimsuky is developing Android malware targeted at South Korean users by disguising the apps as legitimate apps including a Google security plug-in and a document viewer. Seoul-based cybersecurity company S2W dubs the apps FastFire, FastSpy and FastViewer.

article thumbnail

GUEST ESSAY: A roadmap to achieve a better balance of network security and performance

The Last Watchdog

Here’s a frustrating reality about securing an enterprise network: the more closely you inspect network traffic, the more it deteriorates the user experience. Related: Taking a risk-assessment approach to vulnerabilities. Slow down application performance a little, and you’ve got frustrated users. Slow it down a lot, and most likely, whichever knob you just turned gets quickly turned back again—potentially leaving your business exposed.

Security 213
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

[Scam of The Week] New Phishing Email Exploits Twitter’s Plan to Charge for Blue Checkmark

KnowBe4

Michael Kan at PCMag had the scoop: A hacker is already circulating one phishing email, warning users they'll need to submit some personal information to keep the blue verified checkmark for free.

Phishing 107
article thumbnail

The Most Vulnerable Place on the Internet

WIRED Threat Level

Underwater cables keep the internet online. When they congregate in one place, things get tricky.

Security 101
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Thomson Reuters collected and leaked at least 3TB of sensitive data via Cybernews

IG Guru

Check the post here.

More Trending

article thumbnail

Accused ‘Raccoon’ Malware Developer Fled Ukraine After Russian Invasion

Krebs on Security

A 26-year-old Ukrainian man is awaiting extradition from The Netherlands to the United States on charges that he acted as a core developer for Raccoon , a popular “malware-as-a-service” offering that helped paying customers steal passwords and financial data from millions of cybercrime victims. KrebsOnSecurity has learned that the defendant was busted in March 2022, after fleeing mandatory military service in Ukraine in the weeks following the Russian invasion.

Military 293
article thumbnail

A massive cyberattack hit Slovak and Polish Parliaments

Security Affairs

The Slovak and Polish parliaments were hit by a massive cyber attack, and the voting system in Slovakia’s legislature was brought down. A massive cyber attack hit the Slovak and Polish parliaments, reported the authorities. The cyber attack brought down the voting system in Slovakia’s legislature. “The attack was multi-directional, including from inside the Russian Federation,” reads a statement published by the Polish Senate.

article thumbnail

Iran’s Digital Surveillance Tools Leaked

Schneier on Security

It’s Iran’s turn to have its digital surveillance tools leaked : According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones. The tools can slow their data connections to a crawl, break the encryption of phone calls, track the movements of individuals or large groups, and produce detailed metadata summari

Metadata 139
article thumbnail

Cyberattack at Boeing Disrupts Flight Planning

Data Breach Today

Services from Boeing Subsidiary Jeppesen Affected By Ongoing Incident Distribution of airspace safety notices are affected by a cyber incident at Boeing subsidiary Jeppesen, the nature of which the company won't disclose. "At this time we have no reason to believe that this incident poses a threat to aircraft or flight safety," a company spokesperson said.

326
326
article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

LinkedIn Adds Verified Emails, Profile Creation Dates

Krebs on Security

Responding to a recent surge in AI-generated bot accounts, LinkedIn is rolling out new features that it hopes will help users make more informed decisions about with whom they choose to connect. Many LinkedIn profiles now display a creation date, and the company is expanding its domain validation offering, which allows users to publicly confirm that they can reply to emails at the domain of their stated current employer.

article thumbnail

Cisco addressed several high-severity flaws in its products

Security Affairs

Cisco addressed multiple flaws impacting its products, including high-severity issues in identity, email, and web security solutions. Cisco addressed multiple vulnerabilities impacting some of its products, including high-severity flaws in identity, email, and web security products. The most severe vulnerability addressed by the IT giant is a cross-site request forgery (CSRF) flaw, tracked as CVE-2022-20961 (CVSS score of 8.8), that impacts the Identity Services Engine (ISE).

IT 137
article thumbnail

Better Supporting the Have I Been Pwned API with Zendesk

Troy Hunt

I've been investing a heap of time into Have I Been Pwned (HIBP) lately, ranging from all the usual stuff (namely trawling through masses of data breaches) to all new stuff, in particular expanding and enhancing the public API. The API is actually pretty simple: plug in an email address, get a result, and that's a very clearly documented process.

article thumbnail

Second Health Entity Reports Breach Tied to Meta Pixel Use

Data Breach Today

North Carolina Organization Also Facing Pending Privacy Lawsuit Related to Pixel A second healthcare entity is self-reporting its use of Facebook Pixel in web patient portals as a data breach to federal regulators. North Carolina-based WakeMed Health and Hospitals told federal regulators it disclosed to the social media giant patient information of half a million individuals.

article thumbnail

Launching LLM-Based Products: From Concept to Cash in 90 Days

Speaker: Christophe Louvion, Chief Product & Technology Officer of NRC Health and Tony Karrer, CTO at Aggregage

Christophe Louvion, Chief Product & Technology Officer of NRC Health, is here to take us through how he guided his company's recent experience of getting from concept to launch and sales of products within 90 days. In this exclusive webinar, Christophe will cover key aspects of his journey, including: LLM Development & Quick Wins 🤖 Understand how LLMs differ from traditional software, identifying opportunities for rapid development and deployment.

article thumbnail

Hacker Charged With Extorting Online Psychotherapy Service

Krebs on Security

A 25-year-old Finnish man has been charged with extorting a once popular and now-bankrupt online psychotherapy company and its patients. Finnish authorities rarely name suspects in an investigation, but they were willing to make an exception for Julius “Zeekill” Kivimaki , a notorious hacker who — at the tender age of 17 — had been convicted of more than 50,000 cybercrimes , including data breaches, payment fraud, operating botnets, and calling in bomb threats.

article thumbnail

LockBit 3.0 gang claims to have stolen data from Thales

Security Affairs

The ransomware group LockBit 3.0 claimed to have stolen data from the French defence and technology group Thales. Thales is a global high-tech leader with more than 81,000 employees worldwide. The Group invests in digital and deep tech innovations – big data, artificial intelligence, connectivity, cybersecurity and quantum – to build a future of trust, essential to the development of our societies, by placing people at the heart of decision-making.

article thumbnail

Microsoft Warns on Zero-Day Spike as Nation-State Groups Shift Tactics

Dark Reading

The software giant also recorded an increase in attacks on IT services companies as state-backed threat actors have adapted to better enterprise defenses and cast a wider net, Microsoft says.

IT 117
article thumbnail

Dropbox Data Breach Another Multifactor Fail

Data Breach Today

Cloud Company Says User Accounts Were Not Breached, Just GitHub Code Repositories DropBox is the latest company to have employees fall for phishing emails tricking them into supplying login credentials and a one time password to threat actors. Hackers got away with copies of 130 code repositories. The company says it's speeding up an internal transition to Web Authentication.

article thumbnail

An Architect’s Guide for Selecting Scalable, Data-Layer Technologies

There’s no getting around it: selecting the right foundational data-layer components is crucial for long-term application success. That’s why we developed this white paper to give you insights into four key open-source technologies – Apache Cassandra®, Apache Kafka®, Apache Spark™, and OpenSearch® – and how to leverage them for lasting success. Discover everything you’ll want to know about scalable, data-layer technologies: Learn when to choose these technologies and when to avoid them Explore h

article thumbnail

European Commission Publishes Report on Decentralized Finance

Hunton Privacy

On October 18, 2022, the European Commission published a report , titled Information Frictions and Public Policies: Approaching the Regulation and Supervision of Decentralized Finance (“DeFi”) (the “Report”). The Report discusses the need to adapt existing policy frameworks to account for the change brought about by DeFi to the underlying information structure upon which financial services are provided.

article thumbnail

Former British Prime Minister Liz Truss ‘s phone was allegedly hacked by Russian spies

Security Affairs

According to the Daily Mail, Former British Prime Minister Liz Truss ‘s personal phone was hacked by Russian spies. The personal mobile phone of British Prime Minister Liz Truss was hacked by cyber spies suspected of working for the Kremlin, the Daily Mail reported. According to the British tabloid, the cyber-spies are believed to have gained access to top-secret exchanges with key international partners as well as private conversations with his friend, the British Conservative Party polit

article thumbnail

NSA on Supply Chain Security

Schneier on Security

The NSA (together with CISA) has published a long report on supply-chain security: “ Securing the Software Supply Chain: Recommended Practices Guide for Suppliers. “: Prevention is often seen as the responsibility of the software developer, as they are required to securely develop and deliver code, verify third party components, and harden the build environment.

Security 114
article thumbnail

Espionage Hackers Use Microsoft IIS to Plant Malware

Data Breach Today

Hacking Group Uses a New Backdoor Called Danfuan Threat actors are using Internet Information Services - Microsoft's extensible web server software - to deliver a previously undocumented dropper that is being used to install a new backdoor and other tools. The group dubbed Cranefly uses a new backdoor called Danfuan, researchers say.

247
247
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

The Sky Is Not Falling: Disclosed OpenSSL Bugs Are Serious but Not Critical

Dark Reading

Organizations should update to the latest encryption (version 3.0.7) as soon as possible, but there's no need for Heartbleed-like panic, security experts say.

article thumbnail

Experts warn of critical RCE in ConnectWise Server Backup Solution

Security Affairs

ConnectWise has addressed a critical remote code execution vulnerability impacting Recover and R1Soft Server Backup Manager (SBM). According to the advisory published by ConnectWise , the vulnerability is an Improper Neutralization of Special Elements in Output Used by a Downstream Component. An attacker can exploit the vulnerability to execute remote code or directly access confidential data.

article thumbnail

Apple Only Commits to Patching Latest OS Version

Schneier on Security

People have suspected this for a while, but Apple has made it official. It only commits to fully patching the latest version of its OS, even though it claims to support older versions. From ArsTechnica : In other words, while Apple will provide security-related updates for older versions of its operating systems, only the most recent upgrades will receive updates for every security problem Apple knows about.

Security 113
article thumbnail

SolarWinds May Face SEC Investigation Over Hack Disclosure

Data Breach Today

Company Settles Shareholder Lawsuit for $26M SolarWinds, maker of network management software famously hacked by the Russian government, may be the subject of an investigation by the U.S. Securities and Exchange Commission after staff made a preliminary determination in its favor. The company says it will contest the staff recommendation.

article thumbnail

What Is Entity Resolution? How It Works & Why It Matters

Entity Resolution Sometimes referred to as data matching or fuzzy matching, entity resolution, is critical for data quality, analytics, graph visualization and AI. Learn what entity resolution is, why it matters, how it works and its benefits. Advanced entity resolution using AI is crucial because it efficiently and easily solves many of today’s data quality and analytics problems.

article thumbnail

DHL Tops the List of Most Impersonated Brand in Phishing Attacks

KnowBe4

As scammers shift their campaigns and learn from their successes, new data shows that the global delivery service is the current brand of choice, with equally familiar brands trailing slightly.

Phishing 110
article thumbnail

Dropbox discloses unauthorized access to 130 GitHub source code repositories

Security Affairs

Dropbox disclosed a security breach, threat actors gained unauthorized access to 130 of its source code repositories on GitHub. File hosting service Dropbox announced that threat actors gained unauthorized access to 130 of its source code repositories on GitHub. According to the advisory published by Dropbox, the company was the target of a phishing campaign that resulted in access to the GitHub repositories.

Access 125
article thumbnail

5 Key Takeaways from Microsoft Ignite 2022

Daymark

Microsoft recently held its annual Ignite Conference where they announced over 100 updates to its suite of cloud services and products. Daymark was on the ground at the Convention Center in Seattle to explore the innovations and engage with Microsoft on the latest changes. 100 updates is a lot to digest! Here are our thoughts on 5 important ones worth paying attention to. 1.