Thu.Jan 26, 2023

article thumbnail

FBI Seizes Hive Ransomware Servers in Multinational Takedown

Data Breach Today

Agents Infiltrated Hive in July 2022: 'We Hacked the Hackers,' Says DOJ Official The FBI penetrated the network of the Hive ransomware group, which has a history of attacking hospitals. A multinational operation seized the ransomware-as-a-service group's leak site and two servers located in Los Angeles. U.S. law enforcement said an investigation is ongoing.

article thumbnail

7 Insights From a Ransomware Negotiator

Dark Reading

The rapid maturation and rebranding of ransomware groups calls for relentless preparation and flexibility in response, according to one view from the trenches.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

2 Hacks Involving Mental Health Data Affected Nearly 400,000

Data Breach Today

Includes Ransomware Attack on Social Services Provider, Email Hack on Behavioral Health Entity Two hacking breaches - one at a non-profit provider of foster care, mental health and substance treatment services, and the other at a provider of behavioral health services - have affected sensitive information of nearly 400,000 individuals.

article thumbnail

IT Governance Podcast 2023-2: Mailchimp, fast food, T-Mobile, ice rinks, iOS update and ISO 27001

IT Governance

This week, we discuss the fallout from the latest Mailchimp breach, a ransomware attack on KFC, Pizza Hut and Taco Bell’s parent company, another T-Mobile data breach, an incident affecting Planet Ice, and an update for older Apple devices. We also talk to the ISO 27001 expert Steve Watkins about his new pocket guide to the Standard. Now available on Spotify , Amazon Music , Apple Podcasts and SoundCloud.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Venture Capitalist: Now Is an Ideal Time to Invest in Cyber

Data Breach Today

Forgepoint's Alberto Yépez on the State of Cybersecurity Investments in 2023 Valuations are down, some companies have left the market altogether, and some even have announced deep rounds of layoffs. Yet, Alberto Yépez of Forgepoint Capital retains optimism for the cybersecurity marketplace in 2023 and says now is the ideal time to be ramping up investments in innovation.

More Trending

article thumbnail

Protecting the Hidden Layer in Neural Networks

Data Breach Today

In this episode of "Cybersecurity Unplugged," Chris "Tito" Sestito discusses technology to protect neural networks and artificial intelligence and machine-learning models, and John Kindervag explains how such technology fits into the zero trust framework.

article thumbnail

Hive Ransomware Tor leak site apparently seized by law enforcement

Security Affairs

The leak site of the Hive ransomware gang was seized due to an international operation conducted by law enforcement in ten countries. The Tor leak site used by Hive ransomware operators has been seized as part of an international operation conducted by law enforcement in 10 countries. “The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware.” reads the message displayed in English and Russian on the Hive ranso

article thumbnail

Uniform Infrastructure Raises Risk for Industrial Attacks

Data Breach Today

Dragos CEO: Unpatched Vulnerabilities Less of a Problem in OT Than Outsiders Think The increased physical connectivity of digital assets has expanded the attack surface and added complexity for engineers in industrial environments, says Dragos CEO Robert Lee. More industrial automation and new systems have made it tougher for plant operators to conduct root cause analysis.

Risk 130
article thumbnail

An unfaithful employee leaked Yandex source code repositories

Security Affairs

A source code repository allegedly stolen by a former employee of the Russian tech giant Yandex has been leaked online. A Yandex source code repository allegedly stolen by a former employee of the Russian IT giant has been leaked on a popular cybercrime forum. Ой, 44.71G yandex git sources утекло) [link] — Dmitry Balakov (@dbalakov) January 25, 2023 The announcement published on BreachForums includes a magnet link to the alleged ‘Yandex git sources.’ The threat actor behind the

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

OneSpan to Buy ProvenDB to Securely Store, Vault Documents

Data Breach Today

The Australian Startup Uses Blockchain To Stop Data Tampering, Document Alteration OneSpan plans to purchase an Australian startup founded by a longtime Quest Software executive to securely store and vault documents based on blockchain technology. Melbourne, Victoria-based ProvenDB uses blockchain to deliver security that prevents data tampering and document alteration.

article thumbnail

A Child's Garden of Cybersecurity

Dark Reading

Whether you dream of your child growing into a CISO or just want them to improve their security hygiene, consider this roundup of literary geekery.

article thumbnail

U.K. Insurers Mostly Withstand Cyber Stress Test

Data Breach Today

Exclusions and Reinsurance Bolster Resiliency to Extreme Cyber Risk A periodic stress test assessment of U.K. insurers by the Bank of England found underwriters mostly withstood extreme cyber events. Still, underwriters may not be operating from the same set of assumptions when it comes to the likelihood of having to manage an actual extreme cyber event.

Insurance 130
article thumbnail

Threat Groups Distributing Malware via Google Ads

eSecurity Planet

Security researchers are warning that Google Ads are being actively leveraged to distribute malware to unsuspecting victims searching for software downloads. On January 20, CronUp researcher Germán Fernández warned that the DEV-0569 ransomware group is using Google Ads to distribute Gozi/Ursnif malware, RedLine stealer, and Royal ransomware. “For deployment, they use Add-MpPreference to configure exclusions in Windows Defender (extensions, paths and processes), NSudo to launch binaries wit

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Ukraine's Critical Sectors Targeted in Phishing Attack Surge

Data Breach Today

Spike in Late 2022 Occurred as Experts Were Tracking 'Reduced Tempo' in Conflict While Russian military forces and allied groups continue to pummel Ukrainian targets with online attacks, security experts tracked a phishing and malware surge at the end of 2022, even as U.S. intelligence said the war was running at a "reduced tempo.

Phishing 130
article thumbnail

German Government, Airports, Banks Hit With Killnet DDoS Attacks

Dark Reading

After Berlin pledged tanks for Ukraine, some German websites were knocked offline temporarily by Killnet DDoS attacks.

article thumbnail

ISACA Survey: Privacy in Practice 2023 Highlights

Data Breach Today

Privacy Expert Safia Kazi on Privacy Skills, Building Privacy by Design ISACA's recently published Privacy in Practice 2023 survey report shares new research related to the privacy workforce, privacy skills, privacy by design and the future of privacy. Expert Safia Kazi shares ways organizations can align privacy goals with business objectives.

Privacy 130
article thumbnail

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturer

Security Affairs

The BlackCat Ransomware group claims to have hacked SOLAR INDUSTRIES INDIA and to have stolen 2TB of “secret military data.” The BlackCat Ransomware gang added SOLAR INDUSTRIES INDIA to the list of victims published on its Tor leak site. The company is a globally recognised industrial explosives manufacturer, it provides complete blasting solutions, including packaged, bulk explosives and initiating systems to meet its customer needs across the globe.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

The Double-Edged Sword of AI in Healthcare Cybersecurity

Data Breach Today

Both Medical Professionals and Cyberattackers Are Using AI to Improve Their Work As artificial intelligence, or AI, grows in popularity for simplifying workflows and diagnosing patients, healthcare leaders need to understand that AI use is also increasing among cyberattackers and take action to prevent its use for malicious purposes.

article thumbnail

UK NCSC warns of spear-phishing attacks from Russia-linked and Iran-linked groups

Security Affairs

The U.K. National Cyber Security Centre (NCSC) warns of a surge in the number of attacks from Russian and Iranian nation-state actors. The U.K. National Cyber Security Centre (NCSC) is warning of targeted phishing attacks conducted by threat actors based in Russia and Iran. The are increasingly targeting organizations and individuals. The UK agency reported ongoing spear-phishing campaigns carried out by Russia-based group SEABORGIUM and Iran-based group TA453 to gather intelligence on the victi

article thumbnail

On Alec Baldwin’s Shooting

Schneier on Security

We recently learned that Alec Baldwin is being charged with involuntary manslaughter for his accidental shooting on a movie set. I don’t know the details of the case, nor the intricacies of the law, but I have a question about movie props. Why was an actual gun used on the set? And why were actual bullets used on the set? Why wasn’t it a fake gun: plastic, or metal without a working barrel?

IT 83
article thumbnail

SaaS RootKit Exploits Hidden Rules in Microsoft 365

Dark Reading

A vulnerability within Microsoft's OAuth application registration allows an attacker to create hidden forwarding rules that act as a malicious SaaS rootkit.

88
article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

Most Criminal Cryptocurrency Funnels Through Just 5 Exchanges

WIRED Threat Level

The crypto money-laundering market is tighter than at any time in the past decade, and the few big players are moving a “shocking” amount of currency.

article thumbnail

Federal Agencies Infested by Cyberattackers via Legit Remote Management Systems

Dark Reading

Hackers don't need a key to get past your defenses, if they can essentially teleport using RMMs, warns CISA and the NSA.

98
article thumbnail

The Best Personal Safety Devices, Apps, and Alarms (2023)

WIRED Threat Level

Your smartphone or wearable could help you out in a truly dangerous situation. Here are some options to consider.

article thumbnail

Hive Ransomware Gang Loses Its Honeycomb, Thanks to DoJ

Dark Reading

The US Department of Justice hacked into Hive's infrastructure, made off with hundreds of decryptors, and seized the gang's operations.

IT 89
article thumbnail

A Tale of Two Case Studies: Using LLMs in Production

Speaker: Tony Karrer, Ryan Barker, Grant Wiles, Zach Asman, & Mark Pace

Join our exclusive webinar with top industry visionaries, where we'll explore the latest innovations in Artificial Intelligence and the incredible potential of LLMs. We'll walk through two compelling case studies that showcase how AI is reimagining industries and revolutionizing the way we interact with technology. Some takeaways include: How to test and evaluate results 📊 Why confidence scoring matters 🔐 How to assess cost and quality 🤖 Cross-platform cost vs. quality tr

article thumbnail

What is a Good Completion Percentage for Security and Compliance Training?

KnowBe4

Completion percentages on compliance and security training campaigns have become a popular topic of discussion.

article thumbnail

Cybellum Releases Enhanced SBOM Management and Compliance Oversight for Manufacturers with New Release of its Product Security Platform

Dark Reading

Advanced workflow, approval process, and management dashboard enhance control, distribution, and supervision, while reducing errors and streamlining the entire SBOM management process.

article thumbnail

Stu's Law: "You get the future you ignore"

KnowBe4

I have read a lot of Sci-fi. Thousands of books actually. You can't help but start recognizing patterns. One of my favorite movies is Blade Runner. Main character Rick Deckard states: “ Replicants are like any other machine - they're either a benefit or a hazard. If they're a benefit, it's not my problem.

IT 83