Fri. Mar 17, 2023


Feds Charge NY Man as BreachForums Boss “Pompompurin”

Krebs on Security

The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums, a popular English-language cybercrime forum where some of the world’s biggest hacked databases routinely show up for sale. The forum’s administrator “Pompompurin” has been a thorn in the side of the FBI for years, and BreachForums is widely considered a reincarnation of RaidForums, a remarkably similar crime forum that the FBI infiltrated and dismantled in 20


European Digital Identity Bill Heads to Final Negotiations

Data Breach Today

European Parliament and Council of the EU Set to Engage in Trilogue The European Parliament approved Thursday legislation creating a continentwide framework for digital identity that European leaders hope will diminish the role of big tech companies such as Google and Apple. Members of the European Parliament have pushed for additional privacy measures.


Colorado Finalizes Rules Implementing the Colorado Privacy Act   

Hunton Privacy

On March 15, 2023, the Colorado Attorney General’s Office finalized rules implementing the Colorado Privacy Act (“CPA”). The finalized rules were released with an official redline that reflects prior revisions of the rules dated December 21, 2022, January 27, 2023, and February 23, 2023. The rules will be published in the Colorado Register later this month and will go into effect on July 1, 2023, when the CPA takes effect.


Chinese Hackers Targeting Security and Network Appliances

Data Breach Today

Fortinet Patches Zero-Day Exploited by Suspected Beijing Hacking Group UNC3886. Chinese threat actors are turning security appliances into penetration pathways, forcing firewall maker Fortinet to again attempt to fend off hackers with a patch. Mandiant researchers say suspected Beijing hackers it tracks as UNC3886 have been targeting chip-based firewall and virtualization boxes.


How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.


The Ethics of Network and Security Monitoring

Dark Reading

The chances of getting hacked are no longer low. Companies need to rethink their data collection and monitoring strategies to protect employee privacy and corporate integrity.

More Trending


HinataBot, a new Go-Based DDoS botnet in the threat landscape

Security Affairs

A new Golang-based DDoS botnet, tracked as HinataBot, targets routers and servers by exploiting known vulnerabilities. Akamai researchers spotted a new DDoS Golang-based botnet, dubbed HinataBot, which has been observed exploiting known flaws to compromise routers and servers. The experts reported that the HinataBot bot was seen being distributed since the beginning of 2023 and its operators are actively updating it.


TikTok Says US Threatens Ban Unless Chinese Owners Divest

Data Breach Today

Western Governments Cite National Security Concerns as They Restrict TikTok Use TikTok says the Biden administration has demanded that the company's Chinese owners divest their stake in the company or risk seeing the app get banned in America. The U.S., Canada, EU, U.K. and New Zealand have all banned the use of TikTok on government devices, citing national security concerns.


Hitachi Energy breached by Clop gang through GoAnywhere Zero-Day exploitation

Security Affairs

Hitachi Energy disclosed a data breach, the Clop ransomware gang stole the company data by exploiting the recent GoAnywhere zero-day flaw. Hitachi Energy disclosed a data breach, the company was hacked by the Clop ransomware gang that stole its data by exploiting the recently disclosed zero-day vulnerability in the GoAnywhere MFT (Managed File Transfer).


What the FTC Is Signaling in Recent Data Privacy Cases

Data Breach Today

Attorney Kirk Nahra on Where FTC Is Headed in Disputes Such as GoodRx, BetterHelp The Federal Trade Commission's recent actions against two companies in separate health data privacy cases are significant developments signaling the FTC's "aggressive push" to enforce violations involving disclosures of consumer health data to third parties, said attorney Kirk Nahra of WilmerHale.


7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.


Phishing Attacks Top List of Initial Access Vectors with Backdoor Deployment as Top Objective

KnowBe4

New data looking back at the cyber attacks observed in 2022 shows that phishing continues to dominate as initial access brokers seem to be growing their business using backdoors.


ISMG Editors: Will SVB Crash Kill Cybersecurity Innovation?

Data Breach Today

Also: Blackbaud Fined; DOJ Reproaches Federal Contractor for Lax Security In the latest weekly update, ISMG editors discuss how the Silicon Valley Bank crash will affect innovation in the cybersecurity space, why the SEC fined cloud provider Blackbaud $3 million for its "erroneous" breach details, and why the feds fined a web hosting firm in a kids' insurance site hack.


Meta Proposes Revamped Approach to Online Kill Chain Frameworks

Dark Reading

A more holistic model beyond MITRE et al is needed to help defenders better identify and understand commonalities in different online threat campaigns, the Facebook parent company says.


China-linked APT likely linked to Fortinet zero-day attacks

Security Affairs

An alleged Chinese threat actor group is behind attacks on government organizations exploiting a Fortinet zero-day flaw (CVE-2022-41328). A suspected China-linked group is exploiting a Fortinet zero-day vulnerability, tracked as CVE-2022-41328, in attacks aimed at government organizations. A few days ago, Fortinet researchers warned of an advanced threat actor that is targeting governmental or government-related entities.


Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.


Microsoft Outlook Vulnerability Could Be 2023's 'It' Bug

Dark Reading

Snowballing PoC exploits for CVE-2023-23397 and a massive attack surface mean almost any business user could be a victim.


Top 5 Insider Threats to Look Out For in 2023

Security Affairs

Unquestionably, ‘insider threats’ is one of the most neglected aspects of cybersecurity and some companies fail to recognize associated dangers. Cyberattacks are growing more complex as technology advances. Many businesses concentrate their cybersecurity efforts solely on external attacks, which leaves more openings for internal risks. Some companies fail to recognise the danger of losing confidential information owing to employee negligence or malice.


Microsoft Azure Warns on Killnet's Growing DDoS Onslaught Against Healthcare

Dark Reading

DDoS cyberattack campaigns from the pro-Russian group have spiked significantly.


San Jose State University Master of Archives and Records Administration (MARA) Open Houses Announced

IG Guru

Upcoming Online Open House Sessions: Master of Archives and Records Administration If you’re unable to attend an open house session, you can watch a recorded presentation at your convenience. We also offer one-on-one appointments with our student advisor, who can answer your specific questions in English and Spanish and guide you along your learning journey.


How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.


How CISOs Can Work With the CFO to Get the Best Security Budget

Dark Reading

CISOs can and should push back when they're presented with budget costs that affect the business. Here's how.


Iowa House and Senate Unanimously Vote to Approve Comprehensive Privacy Legislation

Hunton Privacy

On March 6 and 15, 2023, both chambers of the Iowa Legislature unanimously voted to approve Senate File 262, which could make Iowa the sixth U.S. state to enact comprehensive privacy legislation. The bill is most similar to Utah’s comprehensive privacy law. Applicability: Senate File 262 would apply to a person that (1) conducts business in Iowa or produces products or services that are targeted to Iowa residents and (2) during a calendar year, satisfies at least one of the following thresholds


Low-Budget 'Winter Vivern' APT Awakens After 2-Year Hibernation

Dark Reading

The "underreported" APT has returned to focus after attacks promoting Russian and Belarusian government interests and going after targets with humor, zest, and scrappiness.


92% of Organizations Have Fallen Victim to Phishing as Nearly Every Org is Concerned with Email Security

KnowBe4

New data shows that not only has just about every organization experienced a successful phishing attack, but that they are also paying the price in a number of impactful ways.


Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.


Technology Firms Delivering Much-Sought Encryption-in-Use

Dark Reading

If the approaches stand up to scrutiny, companies may soon be able to encrypt most databases in a way that allows using data without needing to decrypt to plaintext.


Report Findings: Omdia Universe Content Services Platforms

OpenText Information Management

Rapid change and evolving modern work trends require organizations to adapt faster than ever before to stay competitive. Implementing cost-saving and efficiency-boosting solutions like content services platforms helps businesses become more agile and accelerate digital transformation initiatives. With the right content services platform, including cloud implementation options, organizations can take advantage of modern capabilities like … The post Report Findings: Omdia Universe Content Se


What Makes You Vulnerable to a Third Party Data Breach?

Record Nations

Data breaches make up an increasingly frequent and expensive part of business life. In the most recent 2022 IBM and Ponemon report, 83% of companies they surveyed reported suffering a data breach, with a staggering average cost of $4.35 million. While the causes vary, a data breach related to a third party comprises 62% of […] The post What Makes You Vulnerable to a Third Party Data Breach?


IDC survey reveals B2B integration priorities to drive organizational growth

OpenText Information Management

By now, it’s clear that businesses feel the pressure to focus on supply chain optimization and improve their B2B integration investments. But where to begin? In a previous blog, I reviewed the results and opinions of IDC and Gartner and outlined some suggestions on achieving higher levels of supply chain maturity. In this blog, I’ve … The post IDC survey reveals B2B integration priorities to drive organizational growth appeared first on OpenText


Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.


Female Authors celebrated in Yoto Carnegies 2023 Shortlist

CILIP

Female Authors celebrated in Yoto Carnegies 2023 Shortlist The Yoto Carnegies 2023 shortlist is out today, and this year’s list showcases diversity and creativity in authorship and in illustration. The Yoto Carnegies, managed by CILIP, are the UK’s longest running and best-loved book awards for children and young people. An all-female shortlist dominates young adult (YA) fiction for the Yoto Carnegie Medal for Writing, and critically acclaimed authors Jessie Burton, Patrice Lawrence, Sita Brahma


7 Benefits to Transit Operators Upgrading Ticketing Hardware Systems

HID Global

Upgrading ticketing hardware is essential for mass transit agencies wanting to increase fare revenues and deliver improved services.
