Fri.Sep 15, 2023

article thumbnail

Caesars Confirms Ransomware Payoff and Customer Data Breach

Data Breach Today

MGM Resorts Continuing to Be Extorted by the Same Alphv/BlackCat Ransomware Group Casino and hotel giant Caesars Entertainment is warning customers that their personal details were stolen in a recent hack attack. After successfully shaking down Caesars for a ransom, the same attackers are continuing to extort MGM Resorts, claiming to have crypto-locked its EXSi hypervisors.

article thumbnail

Okta Flaw Involved in MGM Resorts Breach, Attackers Claim

Dark Reading

ALPHV/BlackCat ransomware operators have used their leak site to "set the record straight" about the MGM Resorts cyberattack. Meanwhile, more attacks abusing Okta could be likely.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Lessons to Learn From Clop's MOVEit Supply-Chain Attacks

Data Breach Today

Data Minimization and Encryption Mitigate Fallout, Says FS-ISAC's Teresa Walsh The Clop ransomware group's zero-day attack on MOVEit software was its fourth data theft campaign targeting secure file transfer users. Organizations can combat such attacks by using data minimization and encryption - among other defenses, says Teresa Walsh, global head of intelligence for FS-ISAC.

article thumbnail

Caesars Entertainment paid a ransom to avoid stolen data leaks

Security Affairs

Caesars Entertainment announced it has paid a ransom to avoid the leak of customer data stolen in a recent intrusion. Caesars Entertainment is the world’s most geographically diversified casino-entertainment company. It is the largest gaming company in the United States, with over 50 casinos and hotels in 13 U.S. states and five countries. The company also owns and operates a number of other businesses, including a golf course management company, a travel agency, and a marketing firm.

article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

Critical Considerations for Generative AI Use in Healthcare

Data Breach Today

Generative AI holds great potential for many amazing applications in healthcare, but it's critical to establish a strong framework before deploying it, said Barbee Mooneyhan, vice president of security, IT and privacy of Woebot Health, a provider of AI-driven online mental health services.

Privacy 277

More Trending

article thumbnail

Iranian Hackers Gain Sophistication, Microsoft Warns

Data Breach Today

Noisy 'Peach Sandstorm' Password Spraying Campaign Is Followed by Stealth Iranian state threat actor "Peach Sandstorm" is growing in sophistication, warns Microsoft in an alert about a campaign of password hacking targeting the satellite, defense and pharmaceutical sectors. The group's newfound polish is reflected in what the hackers did after establishing persistence.

article thumbnail

Catches of the Month: Phishing Scams for September 2023

IT Governance

Welcome to our September 2023 catches of the month feature, which examines recent phishing scams and the tactics criminals use to trick people into compromising their data. Following last month’s news that Microsoft was the most impersonated brand in phishing scams in Q2 2023 – which is hardly surprising given its popularity – this month we discuss three more Microsoft-based scams: two involving Teams and one exploiting Word.

Phishing 110
article thumbnail

TikTok Fined 345 Million Euros by Irish Privacy Watchdog

Data Breach Today

ByteDance-Owned App Fined for Violating Children's Privacy TikTok will pay Irish data privacy regulators 345 million euros to settle allegations it violated the privacy of underage users. A TikTok spokesperson said the company disagreed with Irish Data Protection Commission, calling the violations based on features that no longer exist.

Privacy 269
article thumbnail

Board Members' Lack of Security Awareness Puts Businesses at Risk of Cyber Attacks, Finds Savanti Report

KnowBe4

A report from cybersecurity consultancy Savanti reveals that board members are facing challenges in understanding cyber risks , and this has important implications for businesses.

article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

ISMG Editors: Are Frequently Used Usernames a Security Risk?

Data Breach Today

Also; The 'Quantum Divide'; Global AI Regulatory Trends In the latest weekly update, four editors at ISMG discuss important cybersecurity and privacy issues, including how to keep assets secure in the quantum era, when common usernames pose a cybersecurity threat, and how to strike the right balance between regulation and innovation in AI.

Risk 268
article thumbnail

DoD: China's ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage

Dark Reading

Escalating incursions into military base infrastructure, telecom networks, utilities, and more signal that Beijing is laying the groundwork for mass disruption.

Military 110
article thumbnail

Enhancing Cloud Security on AWS

Data Breach Today

Why You Should Consider a Cloud-Native Firewall Service How does an organization achieve peace of mind with security while overcoming the challenges of complex hybrid and multi-cloud networks? Here are the top reasons why your organization should consider implementing a cloud-native firewall service to protect your AWS environments and applications.

Cloud 252
article thumbnail

Dariy Pankov, the NLBrute malware author, pleads guilty

Security Affairs

The Russian national Dariy Pankov, aka dpxaker, has pleaded guilty to conspiracy to commit wire and computer fraud. The Russian national Dariy Pankov (28), aka dpxaker, is the author of the NLBrute malware. The man has been extradited to the United States from Georgia. In February 2023, Pankov was charged with conspiracy, access device fraud, and computer fraud.

Sales 94
article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

article thumbnail

How artificial intelligence is impacting the future of work in financial services operations

CGI

AI provides an opportunity to retrain the workforce on more complex and challenging work, including additional AI tool applications to further increase efficiency and improve the customer experience. The magnitude of near-term impact will vary by operational area.

article thumbnail

TikTok fined €345m for breaking EU data law on children’s accounts

The Guardian Data Protection

Irish data regulator says platform put 13- to 17-year-old users’ accounts on default public setting, among other breaches TikTok has been fined €345m (£296m) for breaking EU data law in its handling of children’s accounts, including failing to shield underage users’ content from public view. The Irish data watchdog, which regulates TikTok across the EU, said the Chinese-owned video app had committed multiple breaches of GDPR rules.

GDPR 104
article thumbnail

On Technologies for Automatic Facial Recognition

Schneier on Security

Interesting article on technologies that will automatically identify people: With technology like that on Mr. Leyvand’s head, Facebook could prevent users from ever forgetting a colleague’s name, give a reminder at a cocktail party that an acquaintance had kids to ask about or help find someone at a crowded conference. However, six years later, the company now known as Meta has not released a version of that product and Mr.

IT 97
article thumbnail

Microsoft Flushes Out 'Ncurses' Gremlins

Dark Reading

The maintainers of the widely used library recently patched multiple memory corruption vulnerabilities that attackers could have abused to, ahem, curse targets with malicious code and escalate privileges.

article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

91% of Cybersecurity Professionals Have Experienced Cyber Attacks that Use AI

KnowBe4

A new report takes an exhaustive look at how cybersecurity professionals see the current and future state of attacks, and how well vendors are keeping up.

article thumbnail

Microsoft: 'Peach Sandstorm' Cyberattacks Target Defense, Pharmaceutical Orgs

Dark Reading

For months, the Iran-backed APT has carried out waves of password spray attacks attempting to authenticate to thousands of environments across multiple targets worldwide.

article thumbnail

The BISO Secret Weapon: Enhancing Collaboration for Cybersecurity and Business Growth with Nicole Dove

KnowBe4

Do you want to bridge the gap between IT, cybersecurity, and the business to enhance collaboration and integration? Are you seeking a solution to align cybersecurity efforts with business goals?

article thumbnail

Friday Squid Blogging: Cleaning Squid

Schneier on Security

Two links on how to properly clean squid. I learned a few years ago, in Spain, and got pretty good at it. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

Deepfakes More Common So Bolster Your Defenses

KnowBe4

The United States FBI, NSA, and CISA have released a joint report outlining the various social engineering threats posed by deepfakes.

article thumbnail

NCSC: Why Cyber Extortion Attacks No Longer Require Ransomware

Dark Reading

Ransomware becoming less of a factor as threat actors extort businesses with payment options that are less than regulatory fines.

article thumbnail

Microsoft (Once Again) Tops the List of Most Impersonated Brands in 2023

KnowBe4

Out of the over 350 brands regularly impersonated in phishing attacks, Microsoft continues to stand out because they provide attackers with one unique advantage over other brands.

article thumbnail

Why Shared Fate is a Better Way to Manage Cloud Risk

Dark Reading

The shared responsibility model was good enough to cover the first years of the cloud revolution, but the model is showing its limitations. Shared fate is a more mature model for the future of cloud security.

Cloud 83
article thumbnail

How Embedded Analytics Gets You to Market Faster with a SAAS Offering

Start-ups & SMBs launching products quickly must bundle dashboards, reports, & self-service analytics into apps. Customers expect rapid value from your product (time-to-value), data security, and access to advanced capabilities. Traditional Business Intelligence (BI) tools can provide valuable data analysis capabilities, but they have a barrier to entry that can stop small and midsize businesses from capitalizing on them.

article thumbnail

New Scam Impersonates QuickBooks to Steal Credentials, Extract Money

KnowBe4

Establishing urgency through a false need to “upgrade” or lose services, this new attack takes advantage of the widespread use of the popular accounting app to attract victims.

article thumbnail

Greater Manchester Police Hack Follows Third-Party Supplier Fumble

Dark Reading

This incident bears notable resemblance to an attack that occurred just last month affecting London's Metropolitan Police, raising concerns over UK cybersecurity safeguards for public safety.

article thumbnail

New Phishing Attack Uses Social Engineering to Impersonate the National Danish Police

KnowBe4

A malwareless and linkless phishing attack uses sextortion and the threat of legal action to get the attention of potential victims and get them to respond.