Wed.Sep 13, 2023

article thumbnail

Big MGM Resorts Outage Traces to Ransomware, Researchers Say

Data Breach Today

Alphv/BlackCat Group Reportedly Hit Casino Operator via Social Engineering Attack Booking and reservation systems, as well as slot machines, hotel room door locks, ATMs and more remain offline at multiple MGM Resorts properties as the publicly traded casino hotel giant battles "a cybersecurity issue" that one group of security researchers has tied to a ransomware group attack.

article thumbnail

FBI Hacker Dropped Stolen Airbus Data on 9/11

Krebs on Security

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “ USDoD ” had infiltrated the FBI ‘s vetted information sharing network InfraGard , and was selling the contact information for all 80,000 members. The FBI responded by reverifying InfraGard members and by seizing the cybercrime forum where the data was being sold.

Passwords 317
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

DOD Cyber Strategy Aims to Disrupt Hackers, Deepen Ally Work

Data Breach Today

Defense Department Will Conduct Defensive Ops on Internal Network, Invest in People The Defense Department's updated cyber strategy calls for disrupting malicious actors and boosting the cyber capabilities of U.S. allies to take on Chinese threats to critical infrastructure. Defense officials also plan to conduct defensive operations to protect the department's information network.

268
268
article thumbnail

Black Hat Fireside Chat: The impactful role crowdsourced security intelligence must play

The Last Watchdog

From Kickstarter to Wikipedia, crowdsourcing has become a part of everyday life. Sharing intel for a greater good Now one distinctive type of crowdsourcing — ethical hacking – is positioned to become a much more impactful component of securing modern networks. I had a terrific discussion about this at Black Hat USA 2023 with Casey Ellis, founder and CTO of Bugcrowd , a pioneer in the crowdsourced security market.

Security 194
article thumbnail

Customer Experience Management: Optimizing Your Strategy for Financial Success

Speaker: Diane Magers, Founder and Chief Experience Officer at Experience Catalysts

In the world of business, connecting the dots from experience to financial impact is an essential skill. Transforming customer engagement, Voice of Customer (VoC) insights, and Journey Maps into tangible financial outcomes poses a significant challenge for most organizations. To gain buy-in from the C-Suite and key stakeholders, it’s crucial to illustrate how Experience Management translates into clear, measurable business results.

article thumbnail

EU Chief Announces Plans to Boost AI Development

Data Breach Today

EU Will Grant AI Startups Access to Supercomputers, Commission President Says The European Union will open up supercomputers to artificial intelligence startups in a bid to boost innovation inside the trading bloc, European Commission President Ursula von der Leyen said Wednesday. She said Europe has a "narrowing window of opportunity" to guide responsible innovation.

More Trending

article thumbnail

Journey to the Cloud: Navigating the Transformation - Part 1

Data Breach Today

Nikko Asset Management's Marcus Rameke Defines the Requirements In Part 1 of this three-part blog post, Nikko Asset Management's Marcus Rameke provides an introduction and defines the requirements for making the transformative journey to the cloud. Parts 2 and 3 will discuss more detailed aspects of making the shift to the cloud.

Cloud 284
article thumbnail

Mozilla fixed a critical zero-day in Firefox and Thunderbird

Security Affairs

Mozilla addressed a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in attacks in the wild. Mozilla rolled out security updates to address a critical zero-day vulnerability, tracked as CVE-2023-4863 , in Firefox and Thunderbird that has been actively exploited in the wild. The vulnerability is a heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187, The vulnerability allowed a remote attacker to perform an out-of-bounds memory write via

Security 121
article thumbnail

Feds Warn Healthcare Sector of Akira Ransomware Threats

Data Breach Today

HHS: Group Seems to Favor Targeting Small & Midsized Entities that Lack MFA on VPNs Authorities are warning of threats posed by Akira, a ransomware group that surfaced in March and has been linked to dozens of attacks on small and midsized entities. The group is targeting many industries, including healthcare, and seems to favor entities that lack MFA on VPNs.

article thumbnail

A new ransomware family called 3AM appears in the threat landscape

Security Affairs

3AM is a new strain of ransomware that was spotted in a single incident in which the threat actors failed to deploy the LockBit ransomware in the target infrastructure. Symantec’s Threat Hunter Team discovered a new ransomware family, which calls itself 3AM, that to date has only been deployed in a single incident in which the threat actors failed to deploy the LockBit ransomware.

article thumbnail

How to Stay Competitive in the Evolving State of Martech

Marketing technology is essential for B2B marketers to stay competitive in a rapidly changing digital landscape — and with 53% of marketers experiencing legacy technology issues and limitations, they’re researching innovations to expand and refine their technology stacks. To help practitioners keep up with the rapidly evolving martech landscape, this special report will discuss: How practitioners are integrating technologies and systems to encourage information-sharing between departments and pr

article thumbnail

Microsoft Patches Fix Word and Streaming Services Zero-Days

Data Breach Today

Patch Contains 59 Bugs Fixes, Including 5 Critical Ones Microsoft's September dump of fixes addresses two actively exploited zero-day vulnerabilities, including one in Microsoft Word that has a proof-of-concept code available publicly. "Definitely put this one on the top of your test-and-deploy list," wrote Dustin Childs.

256
256
article thumbnail

Threat actor leaks sensitive data belonging to Airbus

Security Affairs

The multinational aerospace corporation Airbus has launched an investigation into the recent leak of information allegedly stolen from the company. The multinational aerospace corporation Airbus announced that it is investigating a data leak after cybersecurity firm Hudson Rock reported that a hacker posted information on thousands of the company’s vendors to the dark web.

article thumbnail

Chinese APT41 Implicated in Asian National Power Grid Hack

Data Breach Today

Symantec Finds APT41 Fingerprint in a ShadowPad Trojan Attack on Asian Power Grid Cybersecurity researchers at Symantec said a cybercriminal entity with possible ties to the Chinese government used the ShadowPad Trojan to target an Asian country's national power grid earlier this year. The Redfly APT group focused on stealing credentials and compromising multiple computers.

article thumbnail

Redfly group infiltrated an Asian national grid as long as six months?

Security Affairs

A threat actor tracked as Redfly had infected the systems at a national grid located in an unnamed Asian country for six months starting in January. Symantec’s Threat Hunter Team discovered that a threat actor called Redfly used the ShadowPad backdoor to compromise a national grid in an Asian country for as long as six months earlier this year. While ShadowPad is known to be part of the arsenal of multiple China-linked APT groups, the TTPs observed in the attack on the national power grid overla

article thumbnail

The Essential Guide to Analytic Applications

Embedding dashboards, reports and analytics in your application presents unique opportunities and poses unique challenges. We interviewed 16 experts across business intelligence, UI/UX, security and more to find out what it takes to build an application with analytics at its core. No matter where you are in your analytics journey, you will learn about emerging trends and gather best practices from product experts.

article thumbnail

Recent Rhysida Attacks Show Focus on Healthcare By Ransomware Actors

Dark Reading

The operators of the Rhysida ransomware-as-a-service have claimed credit for a crippling attack on Mississippi's Singing River health system.

article thumbnail

FTC to Hold Open Meeting on Stealth Advertising in Digital Media Targeting Children

Hunton Privacy

On September 7, 2023, Lina M. Khan, Chair of the Federal Trade Commission, announced that the FTC will hold an open meeting virtually at 11 am ET on Thursday, September 14, 2023. The agenda of the open meeting includes a vote by the FTC on whether to release a staff perspective and recommendations on the blurring of advertising and content on digital media and its effects on children and teens.

Marketing 110
article thumbnail

Congratulations to our Jammies Awards Finalists

Jamf

We're excited to announce the finalists chosen from the applicants for the Jammies Awards, the customer appreciation awards celebrating those who exemplify Jamf values and innovative usage of Jamf solutions.

111
111
article thumbnail

Zero-Click Exploit in iPhones

Schneier on Security

Make sure you update your iPhones : Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group’s Pegasus commercial spyware onto fully patched iPhones. The two bugs, tracked as CVE-2023-41064 and CVE-2023-41061 , allowed the attackers to infect a fully-patched iPhone running iOS 16.6 and belonging to a Washington DC-based civil society organization via PassKit attachment

Security 110
article thumbnail

ABM Evolution: How Top Marketers Are Using Account-Based Strategies

In times of economic uncertainty, account-based strategies are essential. According to several business analysts and practitioners, ABM is a necessity for creating more predictable revenue. Research shows that nearly three-quarters of marketers (74%) already have the resources needed to build successful ABM programs.

article thumbnail

Rail Cybersecurity Is a Complex Environment

Dark Reading

CISOs in the rail industry must protect an older, more complex infrastructure than most industries. Here are some of the unique, high-stakes challenges.

article thumbnail

Microsoft Patch Tuesday Includes Word, Streaming Service Zero-Days

eSecurity Planet

Microsoft’s Patch Tuesday for September 2023 includes 59 vulnerabilities, five of them rated critical and two currently being exploited in the wild. The two vulnerabilities currently being exploited are CVE-2023-36761 , an information disclosure flaw in Microsoft Word with a CVSS score of 6.2; and CVE-2023-36802 , an elevation of privilege flaw in Microsoft Streaming Service with a CVSS score of 7.8 that could provide an attacker with system privileges.

article thumbnail

A 2-Week Prescription for Eliminating Supply Chain Threats

Dark Reading

Giving users time to detect and then update hijacked packages can help developers avoid using malicious code in software development.

110
110
article thumbnail

Can You Guess Common Phishing Themes in Southeast Asia?

KnowBe4

Researchers at Cyfirma outline trends in phishing campaigns around the world, finding that Singapore is disproportionately targeted by phishing attacks.

Phishing 108
article thumbnail

7+ Graphics Libraries to Enhance Your Embedded Analytics

When your customers come to your app, what do they see: clunky, outdated dashboards or a sleek, modern interface? If your embedded analytics are looking stale, leverage these free graphics libraries to take your embedded analytics offerings above and beyond. This e-book details a number of graphics libraries plus a few bonus tools to modernize your embedded dashboards.

article thumbnail

Microsoft Azure HDInsight Plagued With XSS Vulnerabilities

Dark Reading

To boot, the technology could be riddled with other flaws via its Apache services components, a security vendor says.

Security 118
article thumbnail

Ubotica partners with IBM for one-click deployment of space AI applications

IBM Big Data Hub

Space AI leader Ubotica Technologies is partnering with IBM to leverage IBM cloud infrastructure and watsonx.ai components, intending to simplify the process for a developer to get their application running onboard a satellite. With a single click, mutual customers will be able to securely deploy their AI models directly to satellites that use the Ubotica CogniSAT TM platform.

Cloud 98
article thumbnail

Kubernetes Admins Warned to Patch Clusters Against New RCE Vulns

Dark Reading

All Windows endpoints within a vulnerable Kubernetes cluster are open to command injection attacks, new research finds.

113
113
article thumbnail

Data breach prevention: 5 ways attack surface management helps mitigate the risks of costly data breaches

IBM Big Data Hub

Organizations are wrestling with a pressing concern: the speed at which they respond to and contain data breaches falls short of the escalating security threats they face. An effective attack surface management (ASM) solution can change this. According to the Cost of a Data Breach 2023 Report by IBM, the average cost of a data breach reached a record high of USD 4.45 million this year.

article thumbnail

ABM Success Recipe: Mastering the Crawl, Walk, Run Approach

Shifting to an account-based marketing (ABM) strategy can be both exciting and challenging. Well-implemented ABM motions build engagement with high-value accounts and drive impactful campaigns that resonate with your audience. But where do you begin, and how do you progress from crawling to running? Watch now as Demand Gen experts delve into the essentials of each stage of the ABM process.

article thumbnail

When LockBit Ransomware Fails, Attackers Deploy Brand-New '3AM'

Dark Reading

Nothing good happens after 2 a.m., they say, especially when hackers have two kinds of ransomware at their disposal.

article thumbnail

The Twisted Eye in the Sky Over Buenos Aires

WIRED Threat Level

A scandal unfolding in Argentina shows the dangers of implementing facial recognition—even with laws and limits in place.

Privacy 108
article thumbnail

Companies need help making the dream of digital transformation a reality

IBM Big Data Hub

The term digital transformation gets so much play these days that it’s almost become a cliché But experts from Frost & Sullivan believe that for most organizations, there’s a sizeable gap between dream and reality. Digital transformation drives many IT investments, with a focus on adapting to new work models and customer expectations, increasing capacity to respond to higher demand, managing growth with fewer resources, enhancing eCommerce capabilities, and supporting securi