Thu. Apr 20, 2023

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. The lengthy, complex intrusion has all the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.

North Korean Hackers Chained Supply Chain Hacks to Reach 3CX

Data Breach Today

Mandiant Concludes 3CX Hack Was Result of Earlier Hack on Trading Software Maker

North Korean hackers' software supply chain attack on desktop phone developer 3CX was the fruit of a separate and previously undisclosed supply chain attack on a financial trading software maker, is the conclusion of the Mandiant forensics team brought in to investigate.

RSAC Fireside Chat: How timely intel from the cyber underground improves counter measures

The Last Watchdog

Good intelligence in any theater of war is invaluable. Timely, accurate intel is the basis of a robust defense and can inform potent counterattacks. This was the case during World War II in The Battle of Midway and at the Battle of the Bulge and it holds true today in the Dark Web. The cyber underground has become a highly dynamic combat zone in which cyber criminals use engrained mechanisms to shroud communications.

F5 Lays Off 623 Staffers as Customers Postpone New Purchases

Data Breach Today

Application Security Vendor Pursues $130M Cost Savings by Slashing 9% of Workforce

Application security and delivery vendor F5 will shrink its workforce by 9% due to customers delaying purchasing decisions amid macroeconomic uncertainty. The Seattle-based firm will lay off 623 of its 7,100 employees as part of a cost-cutting effort that includes reducing F5's facilities footprint.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

RSAC Fireside Chat: StackHawk helps move the application security needle to ‘shift everywhere’

The Last Watchdog

Embedding security into the highly dynamic way new software gets created and put into service — on the fly, by leveraging ephemeral APIs — has proven to be a daunting challenge. Multitudes of security flaws quite naturally turn up – and threat actors have become adept at systematically discovering and exploiting these fresh vulnerabilities.

More Trending

'GhostToken' Opens Google Accounts to Permanent Infection

Dark Reading

A bug in how Google Cloud Platform handles OAuth tokens opened the door to Trojan apps that could access anything in users' personal or business Google Drives, Photos, Gmail, and more.

Breach Roundup: US CFPB, NCR and Rheinmetall

Data Breach Today

Also in Focus: Philippines Law Enforcement Agencies, RentoMojo and Point 32 Health

In the days between April 14 and April 20, the spotlight was on the U.S. Consumer Financial Protection Bureau, a ransomware attack on American payments firm NCR, German automotive and arms producer Rheinmetall, state agencies in the Philippines, Indian rental platform RentoMojo, and Point32Health.

Capita Admits That Its ‘Cyber Incident’ Was Ransomware and That Customer Data Was Breached

IT Governance

The fallout from Capita’s so-called “cyber incident” last month has been slow and damning. After weeks of insisting that criminal hackers had merely disrupted internal systems, the outsourcing giant has confirmed this week that the damage was more than just an ‘incident’. It was, in fact, ransomware. Capita is one of the largest public-sector service providers in the UK, with £6.5 billion in contracts managing systems such as the BBC licence fee and the London congestion charge.

HIPAA Considerations for AI Tool Use in Healthcare Research

Data Breach Today

The potential use cases for generative AI technology in healthcare appear limitless, but they're weighted with an array of potential privacy, security and HIPAA regulatory issues, says privacy attorney Adam Greene of the law firm Davis Wright Tremaine.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

3CX Supply Chain Attack Tied to Financial Trading App Breach

Dark Reading

Mandiant found that North Korea's UNC4736 gained initial access on 3CX's network when an employee downloaded a weaponized but legitimately-signed app from Trading Technologies.

Cryptohack Roundup: Bitrue, Hundred Finance, SafeMoon

Data Breach Today

Also: $10.5M Exploit on 11 Blockchains, MetaMask Third-Party Breach

Between April 14 and 20, hackers stole $23 million from Bitrue, $7 million from Hundred Finance and $10.5 million from 11 blockchains. The SafeMoon hacker returned 80% of the stolen $8.9 million, MetaMask suffered a third-party breach and Kyber Network advised LPs to withdraw funds from Elastic.

Global Spyware Attacks Spotted Against Both New & Old iPhones

Dark Reading

Campaigns that wielded NSO Group's Pegasus against high-risk users over a six-month period demonstrate the growing sophistication and relentless nature of spyware actors.

Enhanced Security Resilience for Government

Data Breach Today

Cisco's Peter Romness on Defending the Expanded Attack Surface

Post-digital transformation, in a world of hybrid work and multi-cloud environments, government agencies in particular sometimes struggle to detect and respond to threats across the expanded attack surface. Peter Romness of Cisco talks about new strategies to defend these broad environments.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

IT Governance Podcast 21.4.23: Capita, Chrome, LockBit for Macs and Alan Calder on cyber security

IT Governance

This week, we discuss the apparent sale of exfiltrated Capita data by the Black Basta ransomware group, a zero-day Google Chrome vulnerability and the development of a new LockBit ransomware variant targeting macOS, and Alan Calder analyses the new US National Cybersecurity Strategy and explains what all organisations should learn from it. Now available on Spotify, Amazon Music, Apple Podcasts and SoundCloud.

Best Practices for Answering Third-Party Risk Questions

Data Breach Today

Security Leader Sawan Joshi on Updating and Tailoring Partner Risk Assessments

Supply chain risk has become more critical in the postpandemic world, and that means you need to ask "much more focused, targeted questions" about your partners, according to Sawan Joshi, director of information security at Cervest, a climate intelligence startup.

Phishing Email Volume Doubles in Q1 as the use of Malware in Attacks Slightly Declines

KnowBe4

New data shows that cybercriminals started this year off with a massive effort using new techniques and increased levels of attack sophistication.

Fortra Hacker Installed Tools on Victim Machines

Data Breach Today

Fortra Reveals Findings From GoAnywhere MFT Attack

Hackers who turned a zero-day in Fortra's GoAnywhere software into a bonanza of ransomware attacks for Russian-speaking extortion group Clop first penetrated the company's software in January. Hackers exploited some on-premises instances of the file transfer software as early as Jan. 18.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Multinational ICICI Bank leaks passports and credit card numbers

Security Affairs

ICICI Bank leaked millions of records with sensitive data, including financial information and personal documents of the bank’s clients. ICICI Bank, an Indian multinational valued at more than $76 billion, has more than 5,000 branches across India and is present in at least another 15 countries worldwide. A misconfiguration of the bank systems exposed millions of records with sensitive data.

Refurbished Routers Contain Sensitive Corporate Data

Data Breach Today

Eset Finds Customer Info, VPN Credentials & Authentication Keys on Used Routers

Sanitize IT gear before decommissioning is well-trod cybersecurity advice made to corporations everywhere and yet many persist in disposing of equipment still laden with sensitive data. Cybersecurity firm Eset says it found a wealth of corporate data on secondhand routers.

Metrics that matter: Data and tools Planet Collibra leaders use to understand climate change and create impact

Collibra

Climate change is one of the most urgent and complex challenges of our time. Collibrians believe that the best place to start when staring down a tough challenge is with data. Trusted data can help make a big problem feel more manageable by directing us toward actions and investments that will have the greatest positive impact. In honor of Climate Month and Earth Day, Joe Lisle, People Analytics Manager and a leader of our Planet Collibra Community, pulled together some of his favored data sourc

Commercial Surveillance Industry Set for Growth, Says NCSC

Data Breach Today

At Least 80 Countries Have Purchased Advanced Spyware Apps

The global commercial spyware market will expand over the next five years as demand for advanced surveillance tools by governments surges, says a new report from the U.K.'s National Cyber Security Centre. The NCSC assesses that at least 80 countries have purchased advanced spyware apps.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack

Security Affairs

North Korea-linked APT group Lazarus employed new Linux malware in attacks that are part of Operation Dream Job. North Korea-linked APT group Lazarus is behind a new campaign tracked as Operation DreamJob (aka DeathNote or NukeSped) that employed Linux malware. The threat actors were observed using social engineering techniques to compromise its targets, with fake job offers as the lure.

Major US CFPB Data Breach Caused by Employee

Dark Reading

The sensitivity of the personal information involved in the breach has yet to be determined by agency officials, but it affects 256,000 consumers.

OpenAI Transparency Report Highlights How GPT-4 Can be Used to Aid Both Sides of the Cybersecurity Battle

KnowBe4

The nature of an advanced artificial intelligence (AI) engine such as ChatGPT provides its users with an ability to use and misuse, potentially empowering both security teams and threat actors alike.

VMware fixed a critical flaw in vRealize that allows executing arbitrary code as root

Security Affairs

VMware fixed two severe flaws, tracked as CVE-2023-20864 and CVE-2023-20865, impacting the VMware Aria Operations for Logs product. The virtualization giant VMware released security updates to address two critical vulnerabilities, tracked as CVE-2023-20864 and CVE-2023-20865, impacting the VMware Aria Operations for Logs product (formerly vRealize Log Insight).

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Jamf launches Jamf Executive Threat Protection to defend against advanced mobile threats

Jamf

The new Jamf Executive Threat Protection goes beyond other detection and response solutions to defend your mobile fleet from advanced threats.

Google TAG warns of Russia-linked APT groups targeting Ukraine

Security Affairs

The researchers from Google TAG are warning of Russia-linked threat actors targeting Ukraine with phishing campaigns. Russia-linked threat actors launched large-volume phishing campaigns against hundreds of users in Ukraine to gather intelligence and aimed at spreading disinformation, states Google’s Threat Analysis Group (TAG). In Q1 2023, threat actors linked to Russia’s military intelligence service focused their phishing campaigns on Ukraine, with the country accounting for over 60%

Washington Likely to Become First State to Enact a Comprehensive Health Privacy Law

Hunton Privacy

On April 17, 2023, the Washington State House concurred to the Washington State Senate’s amendments to Washington State House Bill 1155, the My Health My Data Act (the “Act”), clearing the Act’s way to Governor Jay Inslee for a final signature. If enacted, the Act would be the first comprehensive consumer health information privacy law in the United States.
