Tue.Jan 24, 2023

article thumbnail

North Korean Hackers Attacked Horizon, Confirms FBI

Data Breach Today

Lazarus Group, APT38 Stole $100M From the Blockchain Bridge in June North Korea's Lazarus Group was behind the $100 million theft from the Horizon blockchain bridge, the U.S. federal government confirmed.

article thumbnail

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week.

Security 181
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft Security Sales Hit $20B as Consolidation Increases

Data Breach Today

Growing Empire: Microsoft's Security Revenue Up 33% Since 2021, 100% Since 2020 The world's largest cybersecurity vendor continues to pull away from the competition, with Microsoft's security sales surpassing $20 billion in 2022 after 33% annual growth.

Sales 182
article thumbnail

FIRESIDE CHAT: Can ‘MLSecOps’ do for MLOps, what DevSecOps is doing for DevOps?

The Last Watchdog

Massively interconnected digital services could someday soon save the planet and improve the lives of one and all. Related: Focusing on security leading indicators But first, enterprises and small businesses, alike, must come to grips with software vulnerabilities that are cropping up – and being exploited – at a blistering pace. Innovative vulnerability management solutions are taking shape to meet this challenge.

Security 146
article thumbnail

Subsurface: The Ultimate Data Lakehouse Conference

Speaker: Panel Speakers

We’ve just opened registration for Subsurface LIVE 2023! Learn how to innovate with open source technologies such as Apache Arrow, Delta Lake, and more. Register now to secure your spot at Subsurface LIVE being held March 1-2, 2023.

article thumbnail

CommonSpirit Facing 2 Proposed Class Actions Post-Breach

Data Breach Today

More Trending

article thumbnail

VA: Contractors Have One Hour to Report a Security Incident

Data Breach Today

Final Rule Also Addresses 'Liquidated Damages' Contractors Must Pay in Breaches An update to acquisition regulations within the Department of Veterans Affairs emphasizes that contractor have one hour to report a security and privacy incident. The clock starts ticking after the incident's discovery.

article thumbnail

Chat Cybersecurity: AI Promises a Lot, But Can It Deliver?

Dark Reading

Machine learning offers great opportunities, but it still can't replace human experts

article thumbnail

What Federal Charges Against Bitzlato Mean for Cybercrime

Data Breach Today

Feds Say a Firm Nobody's Heard of Was Part of a 'High-Tech Axis of Crypto Crime' When the DOJ announced a "major, international cryptocurrency enforcement action," observers expected to see charges against a well-known firm.

article thumbnail

View from Davos: The Changing Economics of Cybercrime

Dark Reading

Participants in a working session on ransomware at the World Economic Forum discussed how planning ahead can reduce cyber risk

article thumbnail

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

article thumbnail

EU Pega Committee Hears Call For Policy Overhaul on Spyware

Data Breach Today

Draft Recommendations Call for Ban on Trade in Zero Days and Government Stockpiling The European Parliament's Pegasus spyware committee heard draft recommendations calling for a ban on the commercial buying and selling of zero day exploits and for an immediate moratorium on the sale and use of advanced spyware.

Sales 130
article thumbnail

'DragonSpark' Malware: East Asian Cyberattackers Create an OSS Frankenstein

Dark Reading

Hackers cleverly cobbled together a suite of open source software — including a novel RAT — and hijacked servers owned by ordinary businesses

108
108
article thumbnail

SHARED INTEL: Here’s why security analysts need to remain on high alert for fake bug reports

The Last Watchdog

In an ideal world, cybersecurity analysts would get legitimate daily reports on improving a company’s security. Unfortunately, the likelihood of being handed unsolicited, untrustworthy advice is high. Related: Tech giants foster third-party snooping This is what fake bug reports are all about. Scammers now routinely spray out fake bug reports designed to take advantage of the naiveite and/or lack of vigilance of security analysts in the field.

article thumbnail

Security and the Electric Vehicle Charging Infrastructure

Dark Reading

When EVs and smart chargers plug in to critical infrastructure, what can go wrong? Plenty

Security 107
article thumbnail

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

article thumbnail

VMware warns of critical code execution bugs in vRealize Log Insight

Security Affairs

A critical vulnerability in VMware vRealize Log Insight appliance can allow an unauthenticated attacker to take full control of a target system.

article thumbnail

Skyhawk Security Launches Multicloud Runtime Threat Detection and Response Platform

Dark Reading

Skyhawk Synthesis extends cloud security misconfiguration detection across multiple clouds, the company says — throwing cloud security posture management in for free

Cloud 101
article thumbnail

CISA added Zoho ManageEngine RCE (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog

Security Affairs

US CISA added the Zoho ManageEngine RCE vulnerability CVE-2022-47966 to its Known Exploited Vulnerabilities Catalog. The US CISA added the Zoho ManageEngine remote code execution flaw ( CVE-2022-47966 ) to its Known Exploited Vulnerabilities Catalog.

IT 76
article thumbnail

Forescout Appoints Technology Veteran Barry Mainz as CEO

Dark Reading

Mainz brings 25 years of industry experience to execute on Forescout’s strategy and drive its next phase of growth

IT 100
article thumbnail

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

article thumbnail

Pakistan hit by nationwide power outage, is it the result of a cyber attack?

Security Affairs

Pakistan suffered a nationwide blackout, local authorities are investigating the cause and suspect it was the result of a cyberattack. On Monday, a nationwide blackout in Pakistan left millions of people in the darkness, and the authorities are investigating if it was caused by a cyberattack.

IT 76
article thumbnail

Ticketmaster Blames Bots in Taylor Swift 'Eras' Tour Debacle

Dark Reading

Ticketmaster testified in the Senate that a cyberattack was to blame for the high-profile Taylor Swift concert sales collapse, but some senators aren't so sure

Sales 94
article thumbnail

Cybercriminals Use VSCode Extensions as New Attack Vector

eSecurity Planet

Microsoft’s Visual Studio Code integrated development environment (IDE) is used by as much as 75% of developers, so any security issue has widespread implications. And Aqua Nautilus researchers have discovered a big one.

IT 75
article thumbnail

Keeper Security Shares Password Best Practices Ahead of Data Privacy Day

Dark Reading

article thumbnail

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

article thumbnail

The Unrelenting Menace of the LockBit Ransomware Gang

WIRED Threat Level

The notorious Russian-speaking cybercriminals grew successful by keeping a low profile. But now they have a target on their backs. Security Security / Cyberattacks and Hacks

article thumbnail

Fenix24 Releases White Paper Proposing New Cyber Incident Response Paradigm

Dark Reading

Restoration teams must be part of a collaborative, initial response team to address costly downtime

Paper 80
article thumbnail

GoTo revealed that threat actors stole customers’ backups and encryption key for some of them

Security Affairs

GoTo is notifying customers that its development environment was breached in November 2022, attackers stole customers’ backups and encryption key.

article thumbnail

CyberheistNews Vol 13 #04 [Heads Up] Unusual Blank-Image Phishing Attacks Impersonate DocuSign

KnowBe4

Cybercrime KnowBe4

article thumbnail

7 Ways to Supercharge Your ABM Strategy with Real-Time Intent

Streaming real-time intent is a homerun for marketing and sales’ account-based marketing (ABM) strategies. With real-time buyer insights, you can be first-in-line to provide solutions and lead better, hyper-personalized conversations.

article thumbnail

Researcher found US ‘No Fly List’ on an unsecured server

Security Affairs

A researcher discovered a U.S. No Fly List exposed on the Internet, the sensitive data were hosted on a server run by US airline CommuteAir. Researchers Maia Arson Crimew discovered a U.S. No Fly List hosted on an unsecured server run by US carrier CommuteAir.

article thumbnail

Bulk Surveillance of Money Transfers

Schneier on Security

Just another obscure warrantless surveillance program. US law enforcement can access details of money transfers without a warrant through an obscure surveillance program the Arizona attorney general’s office created in 2014.

article thumbnail

New QR Code Phishing Campaign is Impersonating the Chinese Ministry of Finance

KnowBe4

Researchers at Fortinet warn that a phishing campaign is impersonating the Chinese Ministry of Finance. The phishing emails contain a document with a QR code that leads to a credential-harvesting site. Phishing