Krebs on Security

MAY 29, 2024

The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5 , a ten-year-old online anonymity service that was powered by what the director of the FBI called “likely the world’s largest botnet ever.” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars i

Cloud 292

Cloud Government Insurance IT 292

Data Breach Today

MAY 29, 2024

US-Led Operation Disrupts 911 S5 Botnet in Global Crackdown FBI Director Christopher Wray said the U.S. led an internationally coordinated effort to disrupt and dismantle what may be one of the world's largest malicious botnet services, which had accrued 19 million IP addresses by the time it was taken down and its primary administrator was arrested in May.

IT 274

IT 274

The Last Watchdog

MAY 29, 2024

The capacity to withstand network breaches, and minimize damage, is a key characteristic of digital resiliency. Related: Selecting a Protective DNS One smart way to do this is by keeping an eagle eye out for rogue command and control (C2) server communications. Inevitably, compromised devices will try to connect with a C2 server for instructions. And this beaconing must intersect with the Domain Name System (DNS.

Communications 147

Communications Insurance Cybersecurity Security 147

WIRED Threat Level

MAY 28, 2024

Thanks to a flaw in a decade-old version of the RoboForm password manager and a bit of luck, researchers were able to unearth the password to a crypto wallet containing a fortune.

Passwords 136

Passwords Blockchain Security 136

Advertisement

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

Paper

Troy Hunt

MAY 29, 2024

Today we loaded 16.5M email addresses and 13.5M unique passwords provided by law enforcement agencies into Have I Been Pwned (HIBP) following botnet takedowns in a campaign they've coined Operation Endgame. That link provides an excellent over so start there then come back to this blog post which adds some insight into the data and explains how HIBP fits into the picture.

Passwords 126

Passwords Data structuring Data breaches IT 126

Data Breach Today

MAY 27, 2024

Starlink Routers in Ukraine and Gaza Trackable via Apple WPS, Researchers Warn Apple's WiFi-based positioning system can be abused to track the live location of various types of devices around the globe, including Starlink routers in war zones, researchers warn. Until Apple puts in place more defenses, they say the system will continue to pose a "large-scale privacy threat.

Risk 292

Risk Privacy 292

The Last Watchdog

MAY 30, 2024

From MFA to biometrics, a lot has been done to reinforce user ID and password authentication — for human users. Related: How weak service accounts factored into SolarWinds hack By comparison, almost nothing has been done to strengthen service accounts – the user IDs and passwords set up to authenticate all the backend, machine-to-machine connections of our digital world.

Authentication 130

Authentication Passwords Insurance Access 130

Security Affairs

MAY 27, 2024

Experts warn of a new ATM malware family that is advertised in the cybercrime underground, it was developed to target Europe. A threat actor is advertising a new ATM malware family that claims to be able of compromised 99% of devices in Europe. The threat actor is offering the malware for $30,000, he claims that the “EU ATM Malware” is designed from scratch and that can also target approximately 60% of ATMs worldwide.

Manufacturing 132

Manufacturing IT Information Security Security 132

Schneier on Security

MAY 30, 2024

No word on how this backdoor was installed: A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. The software, known as the JAVS Viewer 8, is a component of the JAVS Suite 8 , an application package courtrooms use to record, play back, and manage audio and video from proceed

Communications 106

Communications IT 106

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

Artificial Intelligence

Krebs on Security

MAY 28, 2024

The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5 , an online anonymity service that for many years was the easiest and cheapest way to route one’s Web traffic through malware-infected computers around the globe. KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later.

Cloud 223

Cloud Data breaches Government IT 223

Data Breach Today

MAY 27, 2024

Class Action Law Firms Seek Access to Commissioned Deloitte Report Into Mega-Breach The Federal Court of Australia has rejected a request from telecommunications giant Optus to keep private a detailed digital forensic investigation report conducted by Deloitte into the massive data breach it suffered in 2022, exposing private information pertaining to nearly 10 million customers.

Data breaches 287

Data breaches Access IT 287

The Last Watchdog

MAY 28, 2024

Spread spectrum technology helped prevent the jamming of WWII radio-controlled torpedoes and subsequently became a cornerstone of modern-day telecom infrastructure. For its next act, could spread spectrum undergird digital resiliency? I had an evocative discussion about this at RSAC 2024 with Dispersive CEO Rajiv Plimplaskar. For a full drill down, please give the accompanying podcast a listen.

Military 130

Military Encryption Communications Cloud 130

Security Affairs

MAY 30, 2024

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-24919 Check Point Quantum Security Gateways Information Disclosure Vulnerability CVE-2024-1086 Linux Kernel Use-After-Free Vulnerability The vulnerability CVE-2024-24919 is a Quantum Gateway information disclosure

IT 102

IT Security Cybersecurity Risk 102

Advertisement

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

Analytics

WIRED Threat Level

MAY 30, 2024

In seemingly the first case of its kind, the US Justice Department has charged a Chinese national with using a drone to photograph a Virginia shipyard where the US Navy was assembling nuclear submarines.

IT 96

IT Security 96

Schneier on Security

MAY 28, 2024

Quantum computers are probably coming, though we don’t know when—and when they arrive, they will, most likely, be able to break our standard public-key cryptography algorithms. In anticipation of this possibility, cryptographers have been working on quantum-resistant public-key algorithms. The National Institute for Standards and Technology (NIST) has been hosting a competition since 2017, and there already are several proposed standards.

Paper 102

Paper Encryption Communications IT 102

Data Breach Today

MAY 27, 2024

Automation, Improved Data Validation Reduce False Positives for Cyber Risk Ratings By improving data validation and incorporating automation, cyber risk ratings platforms are addressing trust issues and enhancing their role in third-party risk management. Bitsight and SecurityScorecard continue to lead the market, Forrester said, and Panorays became a leader.

Risk 260

Risk Marketing 260

The Last Watchdog

MAY 31, 2024

AI has the potential to revolutionize industries and improve lives, but only if we can trust it to operate securely and ethically. Related: The key to the GenAI revolution By prioritizing security and responsibility in AI development, we can harness its power for good and create a safer, more unbiased future. Developing a secured AI system is essential because artificial intelligence is a transformative technology, expanding its capabilities and societal influence.

Artificial Intelligence 100

Artificial Intelligence Security Encryption Authentication 100

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Security Affairs

MAY 28, 2024

Researchers released a proof-of-concept (PoC) exploit for remote code execution flaw CVE-2024-23108 in Fortinet SIEM solution. Security researchers at Horizon3’s Attack Team released a proof-of-concept (PoC) exploit for a remote code execution issue, tracked as CVE-2024-23108 , in Fortinet’s SIEM solution. The PoC exploit allows executing commands as root on Internet-facing FortiSIEM appliances.

Cybersecurity 106

Cybersecurity Security IT Information Security 106

Data Matters

MAY 28, 2024

On May 23, 2024, the UK finally passed its Digital Markets, Competition and Consumers Act (DMCCA), introducing a new “pro-competition” regime for digital markets and marking the biggest reform to UK competition and consumer laws in a decade. The DMCCA is the latest piece of legislation aiming to tackle the power of Big Tech, as regulators around the world debate new ways to oversee competition in the digital sector.

Marketing 88

Marketing Privacy IT 88

Schneier on Security

MAY 29, 2024

Brian Krebs reports on research into geolocating routers: Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geolocate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally—including non-Apple devices like Starlink systems—and found they could use thi

Access 93

Access Privacy Manufacturing Paper 93

Data Breach Today

MAY 28, 2024

Pyongyang Threat Actor Is After Money and Information A North Korean hacking group wants to make money for the cash-starved Pyongyang regime and conduct bread-and-butter cyberespionage, say Microsoft researchers in a profile of a group they track as "Moonstone Sleet." North Korea has a well-established history of hacking for profit.

249

249

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

The Last Watchdog

MAY 28, 2024

Cary, NC, May 28, 2024, CyberNewsWire — If there is a single theme circulating among Chief Information Security Officers (CISOs) right now, it is the question of how to get stakeholders on board with more robust cybersecurity training protocols. There are key points debated about why you should provide cybersecurity training to your IT professionals, like the alarming increase in cyberattacks (an increase of 72% over the all-time high in 2021, according to the Identity Theft Research Cente

Cybersecurity 113

Cybersecurity Security Data breaches Cloud 113

Security Affairs

MAY 28, 2024

Dutch bank ABN Amro discloses data breach following a ransomware attack hit the third-party services provider AddComm. Dutch bank ABN Amro disclosed a data breach after third-party services provider AddComm suffered a ransomware attack. AddComm distributes documents and tokens physically and digitally to clients and employees. The ransomware attack occurred last week and unauthorized parties may have obtained access to data of a limited number of ABN AMRO clients.

Data breaches 98

Data breaches Ransomware Phishing Cybersecurity 98

WIRED Threat Level

MAY 29, 2024

The US says a Chinese national operated the “911 S5” botnet, which included computers worldwide and was used to file hundreds of thousands of fraudulent Covid claims and distribute CSAM, among other crimes.

Security 92

Security 92

KnowBe4

MAY 28, 2024

We are big fans of the U.S. Cybersecurity Infrastructure Security Agency (CISA), whose informal slogan of “An organization so committed to security that it’s in our name twice” is a source of pride.

Cybersecurity 94

Cybersecurity Security 94

Advertisement

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

Paper

Data Breach Today

MAY 28, 2024

Starlink Routers in Ukraine and Gaza Trackable via Apple WPS, Researchers Warn Apple's Wi-Fi-based positioning system can be abused to track the live location of various types of devices around the globe, including Starlink routers in war zones, researchers warn. Until Apple puts in place more defenses, they say the system will continue to pose a "large-scale privacy threat.

Risk 230

Risk Privacy 230

The Last Watchdog

MAY 29, 2024

Washington D.C., May 29, 2024, PRNewswire — DNSFilter announced today that it has joined the WeProtect Global Alliance to help prevent the spread of child sex abuse material (CSAM) online. This partnership will help further WeProtect’s mission and work toward creating a safer online environment for children. The WeProtect Global Alliance was founded to create a cohesive, comprehensive response to the widespread issue of online child sexual abuse and exploitation.

Phishing 100

Phishing Education Government Cybersecurity 100

Security Affairs

MAY 26, 2024

Cisco addressed a SQL injection vulnerability in the web-based management interface of the Firepower Management Center (FMC) Software. Cisco addressed a vulnerability, tracked as CVE-2024-20360 (CVSS score 8.8), in the web-based management interface of the Firepower Management Center (FMC) Software. The vulnerability is a SQL injection issue, an attacker can exploit the flaw to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privile

Authentication 105

Authentication Security IT Information Security 105