Wed.Mar 22, 2023

article thumbnail

Hackers Are Actively Exploiting Unpatched Adobe ColdFusion

Data Breach Today

Experts Urge Immediate Patching and Reviewing Servers for Signs of Compromise Hackers have been actively exploiting vulnerabilities in ColdFusion to remotely compromise servers, Adobe warns. Since at least early January, attackers have been dropping web shells via ColdFusion, but it's unclear if only now-known vulnerabilities are being exploited, security researchers say.

Security 250
article thumbnail

FIRESIDE CHAT: U.S. banking regulators call out APIs as embodying an attack surface full of risk

The Last Watchdog

APIs have been a linchpin as far as accelerating digital transformation — but they’ve also exponentially expanded the attack surface of modern business networks. Related: Why ‘attack surface management’ has become crucial The resultant benefits-vs-risks gap has not surprisingly attracted the full attention of cyber criminals who now routinely leverage API weaknesses in all phases of sophisticated, multi-stage network attacks.

Risk 202
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Stung by Free Decryptor, Ransomware Group Embraces Extortion

Data Breach Today

BianLian Follows in Karakurt's Footsteps by Moving Away From Crypto-Locking Malware Not all ransomware groups wield crypto-locking malware. Some have adopted other strategies. Take BianLian. After security researchers released a free decryptor for its malware, instead of encrypting files, the group chose to steal them and demand ransom solely for their safe return.

article thumbnail

Chinese Warships Suspected of Signal-Jamming Passenger Jets

Dark Reading

Attackers claiming to be part of the Chinese navy are making calls to commercial Qantas pilots midair, while GPS, comms systems, and altimeter instruments are all experiencing denial of service.

114
114
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Orca Promotes CPO Gil Geron to CEO to Drive Efficient Growth

Data Breach Today

Avi Shua Moves to Chief Innovation Officer Role After Serving as CEO Since Founding Orca Security has promoted Chief Product Officer Gil Geron to CEO to help the agentless cloud security vendor maintain its market leadership and rapid growth. The leadership swap at Portland, Oregon-based Orca will result in Avi Shua moving to the newly created position of chief innovation officer.

Cloud 144

More Trending

article thumbnail

DC Health Link Facing Lawsuits in Hack Affecting Congress

Data Breach Today

Fallout Grows in Aftermath of Incident Involving Stolen Data Posted on the Dark Web The DC Health Benefit Exchange Authority - the online health insurance marketplace servicing Washington, D.C., residents and congressional staff - is facing two proposed class action lawsuits in the aftermath of a hack that affected more than 56,400 individuals, including members of Congress.

Insurance 144
article thumbnail

Identifying AI-Enabled Phishing

KnowBe4

Users need to adapt to an evolving threat landscape in which attackers can use AI tools like ChatGPT to craft extremely convincing phishing emails, according to Matthew Tyson at CSO.

Phishing 109
article thumbnail

US FTC Seeks Information on Cloud Provider Cybersecurity

Data Breach Today

Agency Solicits Public Comment on Cloud Industry Business Practices The U.S. Federal Trade Commission is asking for public comment on cloud computing provider business and security practices. The top three providers - AWS, Microsoft Azure and Google Cloud - account for approximately two-thirds of worldwide cloud spending, which reached nearly $250 billion in 2022.

Cloud 144
article thumbnail

10 Vulnerabilities Types to Focus On This Year

Dark Reading

A new Tech Insight report examines how the enterprise attack surface is expanding and how organizations must deal with vulnerabilities in emerging technologies.

110
110
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Traffers and the growing threat against credentials

Outpost24

Traffers and the growing threat against credentials 28.Mar.2023 Florian Barre Wed, 03/22/2023 - 10:26 Beatriz Pimenta and Jacobo Blancas, KrakenLabs team Threat Intelligence Teaser The Rising Threat of Traffers report, compiled by Outpost24’s Threat Intelligence team, KrakenLabs, provides a deep dive into the credential theft ecosystem, and encourages organizations to evaluate their security measures against these evolving threats.

article thumbnail

CISA Warns on Unpatched ICS Vulnerabilities Lurking in Critical Infrastructure

Dark Reading

The advisory comes the same week as a warning from the EU's ENISA about potential for ransomware attacks on OT systems in the transportation sector.

article thumbnail

What is Mobile Application Management (MAM)?

Jamf

BYOD devices must be usable, secure, and private. And to meet all of these requirements, Apple administrators cannot depend on Mobile Application Management (MAM) alone. They need Apple-first Mobile Device Management (MDM) and endpoint protection purpose-built for Apple.

MDM 98
article thumbnail

Experts released PoC exploits for severe flaws in Netgear Orbi routers

Security Affairs

Cisco Talos researchers published PoC exploits for vulnerabilities in Netgear Orbi 750 series router and extender satellites. Netgear Orbi is a line of mesh Wi-Fi systems designed to provide high-speed, reliable Wi-Fi coverage throughout a home or business. The Orbi system consists of a main router and one or more satellite units that work together to create a seamless Wi-Fi network that can cover a large area with consistent, high-speed Wi-Fi.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

The Future of Cyber Attacks? Speed, More Speed

KnowBe4

I get asked all the time to “predict” the future of cybercrime. What will be the next big cyber attack? What will be the next paradigm platform shift that attackers will target? And so on.

article thumbnail

Rogue ChatGPT extension FakeGPT hijacked Facebook accounts

Security Affairs

A tainted version of the legitimate ChatGPT extension for Chrome, designed to steal Facebook accounts, has thousands of downloads. Guardio ’s security team uncovered a new variant of a malicious Chat-GPT Chrome Extension that was already downloaded by thousands a day. The version employed in a recent campaign is based on a legitimate open-source project , threat actors added malicious code to steal Facebook accounts.

article thumbnail

IoT Startup OP[4] Launches With Firmware Security Platform

Dark Reading

Op[4]'s firmware security platform detects, prioritizes, and remediates exploitable vulnerabilities Internet of Things and embedded systems.

IoT 94
article thumbnail

ENISA: Ransomware became a prominent threat against the transport sector in 2022

Security Affairs

The European Union Agency for Cybersecurity (ENISA) published its first cyber threat landscape report for the transport sector. A new report published by the European Union Agency for Cybersecurity (ENISA) analyzes threats and incidents in the transport sector. The report covers incidents in aviation, maritime, railway, and road transport industries between January 2021 and October 2022.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

$36M BEC Fraud Attempt Narrowly Thwarted by AI

Dark Reading

With more than $36M nearly swindled away, an almost-successful BEC attempt in the commercial real estate space shows how sophisticated and convincing fraud attacks are becoming.

81
article thumbnail

Independent Living Systems data breach impacts more than 4M individuals

Security Affairs

US health services company Independent Living Systems (ILS) discloses a data breach that impacted more than 4 million individuals. US health services company Independent Living Systems (ILS) disclosed a data breach that exposed personal and medical information for more than 4 million individuals. Independent Living Systems, offers a comprehensive range of turnkey payer services including clinical and third-party administrative services to managed care organizations and providers.

article thumbnail

How to Keep Incident Response Plans Current

Dark Reading

Review and update plans to minimize recovery time. Practice and a well-thumbed playbook that considers different scenarios will ensure faster recovery of critical data.

76
article thumbnail

Lionsgate streaming platform with 37m subscribers leaks user data

Security Affairs

Entertainment industry giant Lionsgate leaked users’ IP addresses and information about what content they watch on its movie-streaming platform, according to research from Cybernews. Original post at [link] During their investigation, our researchers discovered that the video-streaming platform Lionsgate Play had leaked user data through an open ElasticSearch instance.

article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

5 Ways CIAM Ensures a Seamless and Secure Customer Experience

Thales Cloud Protection & Licensing

5 Ways CIAM Ensures a Seamless and Secure Customer Experience divya Thu, 03/23/2023 - 05:27 In today's digital-first world, providing customers with trustworthy, hassle-free interactions is critical to business success. A CIAM solution serves as that ‘first door’ between the customer and your online systems, protecting customers’ data while ensuring ease of use.

article thumbnail

The TikTok CEO’s Face-Off With Congress Is Doomed

WIRED Threat Level

On Thursday, Shou Zi Chew will meet a rare united front in the US Congress against the Chinese-owned social media app that has lawmakers in a tizzy.

article thumbnail

BreachForums Shuts Down in Wake of Leader's Arrest

Dark Reading

Administrator shutters the forum on fears that it had been breached by federal authorities but assured members it's not the end for the popular underground hacking site.

IT 74
article thumbnail

BreachForums current Admin Baphomet shuts down BreachForums

Security Affairs

Baphomet, the current administrator of BreachForums, announced that the popular hacking forum has been officially taken down. U.S. law enforcement arrested last week a US man that goes online with the moniker “Pompompurin,” the US citizen is accused to be the owner of the popular hacking forum BreachForums. The news of the arrest was first reported by Bloomberg, which reported that federal agents arrested Conor Brian Fitzpatrick from Peekskill, New York.

Access 69
article thumbnail

A Tale of Two Case Studies: Using LLMs in Production

Speaker: Tony Karrer, Ryan Barker, Grant Wiles, Zach Asman, & Mark Pace

Join our exclusive webinar with top industry visionaries, where we'll explore the latest innovations in Artificial Intelligence and the incredible potential of LLMs. We'll walk through two compelling case studies that showcase how AI is reimagining industries and revolutionizing the way we interact with technology. Some takeaways include: How to test and evaluate results 📊 Why confidence scoring matters 🔐 How to assess cost and quality 🤖 Cross-platform cost vs. quality tr

article thumbnail

When a USB Flash Drive is Actually a Bomb

KnowBe4

A journalist based in Ecuador recently used a USB flash drive that was actually a legitimate bomb.

article thumbnail

How digital fax underpins trade confirmations

OpenText Information Management

SEC Rule 10b-10 requires broker-dealers to send customers a written confirmation on or before the completion of a transaction. It also prescribes the type of information required, which varies with the circumstances of the transaction and the type of security. What is a trade confirmation and why is it important? A trade confirmation is a financial … The post How digital fax underpins trade confirmations appeared first on OpenText Blogs.

article thumbnail

Pipeline Cybersecurity Rules Show the Need for Public-Private Partnerships

Dark Reading

The government should not issue infrastructure regulations without the involvement of the industries it's regulating.