Thu. Mar 23, 2023


US Officials Urged to Examine Chinese Risk to Electric Grid

Data Breach Today

Utility Vendors Have Cut Back on Buying Chinese Transformers Due to Security Risks

Utility companies have increasingly refrained from purchasing large power transformers from China given greater awareness of the security risks. Lawmakers sparred with the Energy Department's cybersecurity leader over how much of the electric grid contains components manufactured in China.


Ferrari Hits a Roadblock as Cyber Criminals Hold it to Ransom

IT Governance

Ferrari is racing to contain the damage after it was targeted by cyber criminals this week. The supercar manufacturer said that its systems were compromised and that customer data has been stolen. In a breach notification letter sent to affected individuals, Ferrari noted that a limited number of IT systems were breached, and some customers’ names, addresses, email addresses and telephone numbers were exposed.


Lawmakers Weigh New Regulations in U.S. Cyber Strategy

Data Breach Today

Don't 'Overregulate,' GOP Subcommittee Chairwoman Tells White House Official

Members of a U.S. House panel got their first look at the Biden Administration's new National Cybersecurity Strategy and quizzed the White House cybersecurity director on the timeline, proposed regulations and incentives for private businesses.


IT Governance Podcast 2023-6: Ferrari, Dole, TikTok (again), Android

IT Governance

This week, we discuss ransomware attacks on Ferrari and the Dole Food Company, another TikTok ban – this time by the BBC – and vulnerabilities that allow some Android phones to be hacked with only the victim’s phone number. Now available on Spotify, Amazon Music, Apple Podcasts and SoundCloud.


10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.


Online Card Fraud Flourishes, Thanks to the Magnetic Stripe

Data Breach Today

International Financial Crimes Expert Mark Solomon on Card Fraud Tactics and Trends

EMV chip technology has taken a major bite out of credit card fraud at the point of sale, but card-not-present fraud continues to flourish thanks to an age-old technology - the magnetic stripe, says Mark Solomon, international president, International Association of Financial Crimes Investigators.


More Trending


SideCopy APT Targets India's Premier Defense Research Agency

Data Breach Today

SideCopy APT Used Decoy Documents in Spear-Phishing Attack On DRDO

Security researchers uncovered a Pakistani cyberespionage group employing fresh tactics to target workers at India's Defence Research and Development Organization and steal sensitive military secrets. A new campaign uses a PowerPoint file with information about the India-developed K4 missile.


SEC Advances Three New Cybersecurity Rule Proposals

Hunton Privacy

On March 15, 2023, the Securities and Exchange Commission (“SEC”) proposed three rules related to cybersecurity and the protection of consumer information. The SEC’s first proposal would amend Regulation S-P. Regulation S-P imposes privacy, data security, and data disposal rules on broker-dealers, investment advisers, and investment companies subject to the SEC’s authority under the Gramm-Leach-Bliley Act.


Cryptohack Roundup: BitPay, Euler Finance, Gala Games

Data Breach Today

Also: Fireblocks, BitGo Clash; Bitzlato Users can Withdraw Some Funds

Every week, ISMG rounds up cybersecurity incidents in the world of digital assets. In focus between March 17 and 23: New York State Department of Financial Services reminds BitPay that regulations exist. Also, Euler Finance, Gala Games, BitGo, ZenGo, General Bytes, Bitzlato and ParaSpace.


Users Clicking on Multiple Mobile Phishing Links Increases 637% in Just Two Years

KnowBe4

New data shows that phishing mobile devices as an attack vector is growing in popularity – mostly because it’s increasingly working, in exponential terms.


Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving every day. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr


Credit Card Stealer Targets WordPress Payment Plug-Ins

Data Breach Today

MageCart Operators Hide Infection in Legitimate Payment Processing Software

Attackers are deploying modified MageCart malware against WordPress websites that use the WooCommerce shopping cart plug-in, says website security firm Sucuri. Hackers inject PHP and JavaScript code and hide stolen credit card numbers in .jpg files.


Apple and Jamf help airline employees spread their wings

Jamf

The aviation industry is always on the move; their technology needs to be able to keep up. Apple and Jamf help airlines stay efficient and effective on the go—read this blog to learn more.


Breach Roundup: Ferrari, Indian Health Ministry and the NBA

Data Breach Today

Also: Lionsgate, Royal Dirkzwager, New LockBit Claims and Latitude Financial

This week's roundup of cybersecurity incidents around the world includes attacks on luxury car manufacturer Ferrari, the Indian health system and a Dutch maritime logistics company. Other data breach incidents involve the NBA, Lionsgate, the city of Oakland, McDonald's and Samsung.


Pwn2Own Vancouver 2023 Day 1: Windows 11 and Tesla hacked

Security Affairs

On the first day of Pwn2Own Vancouver 2023, the organization awarded $375,000 (and a Tesla Model 3) for 12 zero-day flaws. Pwn2Own Vancouver 2023 has begun; this hacking competition has 19 entries targeting nine different targets – including two Tesla attempts. On the first day of the event, the organization awarded $375,000 (and a Tesla Model 3) for 12 zero-day vulnerabilities demonstrated by the participants.


10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.


Splashtop Buys Foxpass to Bring Enterprise IAM to the Masses

Data Breach Today

Foxpass Purchase Will Thwart Password Sharing and Simplify Developer Onboarding

Remote access provider Splashtop has bought server and network access management vendor Foxpass to get better visibility across co-managed and multi-tenant environments. The acquisition of Foxpass will simplify the onboarding experience for developers while ensuring passwords aren't being shared.


Experts published PoC exploit code for Veeam Backup & Replication bug

Security Affairs

Researchers released PoC exploit code for a high-severity vulnerability in Veeam Backup & Replication (VBR) software. Veeam recently addressed a high-severity flaw, tracked as CVE-2023-27532, in Veeam Backup and Replication (VBR) software. An unauthenticated user with access to the Veeam backup service (TCP 9401 by default) can exploit the flaw to request cleartext credentials.


MITRE Rolls Out Supply Chain Security Prototype

Dark Reading

Cloud-based System of Trust application now available for test-driving quantitative risk assessment of suppliers of hardware, software, services.


Cyber Insurers Quietly Remove Coverage for Social Engineering and Fraudulent Instruction Claims

KnowBe4

As cyber insurers become more experienced in what kinds of claims are being presented, and the threat action details therein, specific types of coverages are no longer being included.


Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?


A million at risk from user data leak at Korean beauty platform PowderRoom

Security Affairs

South Korean beauty content platform PowderRoom has leaked the personal information of nearly one million people. Established in 2003, PowderRoom is a South Korean beauty content platform connecting 3.5 million members and thousands of beauty brands. It calls itself the first and the biggest beauty community in South Korea that “allows you to experience new brand products faster than anyone else and share the experience”. It exposed up to a million users’ full names, phone numbers, emails, Insta


Mass Ransomware Attack

Schneier on Security

A vulnerability in a popular data transfer tool has resulted in a mass ransomware attack: TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the ransomware attack, suggesting more victims are likely to come forward. However, while the number of victims of the mass-hack is widening, the known impact is murky at best.


Dole discloses data breach after February ransomware attack

Security Affairs

Dole Food Company confirmed that threat actors behind the recent ransomware attack had access to employees’ data. Dole Food Company is an Irish agricultural multinational corporation; it is one of the world’s largest producers of fruit and vegetables, operating with 38,500 full-time and seasonal employees who supply some 300 products in 75 countries.


Half of Organizations Report at Least Monthly Outages from Cyberattacks

KnowBe4

New data on the current state of cybersecurity shows that organizations are experiencing challenges, falling behind, and seeing the impact of all this post-attack.


Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enhance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.


Cisco fixed multiple severe vulnerabilities in its IOS and IOS XE software

Security Affairs

Cisco addressed tens of vulnerabilities in its IOS and IOS XE software; six of these issues have been rated ‘high severity’. Cisco published the March 2023 Semiannual IOS and IOS XE Software Security Advisory that addresses several vulnerabilities in IOS and IOS XE software. Below is the list of flaws addressed by the IT giant in this bundled publication: Cisco Security Advisory CVE ID Security Impact Rating CVSS Base Score Cisco IOS and IOS XE Software IPv6 DHCP (DHCPv6) Relay and Server Denial


Facebook and Microsoft Top the List of Most Impersonated Brands in 2022

KnowBe4

As scammers continue to see massive returns on their phishing attacks, the use of impersonation with well-known brands continues to circle around the dominant players.


TikTok Paid for Influencers to Attend the Pro-TikTok Rally in DC

WIRED Threat Level

The embattled social media company brought out the checkbook to ensure at least 30 of its biggest assets—creators—were in DC to help fend off critics.


Open Source Vulnerabilities Still Pose a Big Challenge for Security Teams

Dark Reading

Open source software continues to pose a challenge for companies. With the proper security practices, you can reduce your open source risk and manage it.


How Embedded Analytics Gets You to Market Faster with a SAAS Offering

Start-ups & SMBs launching products quickly must bundle dashboards, reports, & self-service analytics into apps. Customers expect rapid value from your product (time-to-value), data security, and access to advanced capabilities. Traditional Business Intelligence (BI) tools can provide valuable data analysis capabilities, but they have a barrier to entry that can stop small and midsize businesses from capitalizing on them.


Nexus, an emerging Android banking Trojan targets 450 financial apps

Security Affairs

Experts warn of an emerging Android banking trojan dubbed Nexus that was employed in attacks against 450 financial applications. Cybersecurity firm experts from Cleafy warn of an emerging Android banking trojan, named Nexus, that was employed by multiple groups in attacks against 450 financial applications. The Nexus ransomware was first analyzed in early March by researchers from the threat intelligence firm Cyble.


Bundestag Bungle: Political Microtargeting of Facebook Users Draws Ire

Dark Reading

With shades of the Cambridge Analytica scandal, German political parties skirted consumer data privacy regulations during the country's last parliamentary election, a privacy watchdog warns.


Women who inspire the Women of Collibra — Celebrating Women’s History Month 2023

Collibra

Women’s History Month is a time to honor the women who have had a positive impact on our world: the inventors, the explorers, the changemakers, the caretakers, the thought provokers, and the boundary breakers. Women have made and continue to make history in every field and social sphere. We at Collibra are spending the month learning about some of these amazing women and connecting with one another to apply the lessons we learn toward advancing our own careers and Collibra’s mission.
