Mon.May 22, 2023

article thumbnail

Android Fingerprint Biometrics Fall to 'BrutePrint' Attack

Data Breach Today

Dictionary Attack Plus Neural Network Fools Security Checks, Researchers Find Security researchers have demonstrated a practical attack that can be used to defeat biometric fingerprint checks and log into a target's Android - but not Apple - smartphone. Dubbed "BrutePrint," the brute force attack is inexpensive and practical to deploy at a large scale.

Security 285
article thumbnail

Interview With a Crypto Scam Investment Spammer

Krebs on Security

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several large Mastodon communities to temporarily halt new registrations.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

iSpoof Admin Gets Up to 13 Years in 115M Euro Vishing Fraud

Data Breach Today

Tejay Fletcher Made It Easy for Scammers to Impersonate Phone Numbers The mastermind behind a criminal website that sold tools for scammers who defrauded victims globally of more than 115 million euros received a 13-year, four-month prison sentence in the United Kingdom just months after law enforcement seized the site.

IT 258
article thumbnail

The Mysteries Behind ColdIntro and ColdInvite: TL;DR edition

Jamf

Learn about the discovery of a novel threat vector on iPhone that allows attackers to circumvent security mitigations by exploiting under-protected co-processors, leveraging access to further compromise the iOS kernel.

Access 145
article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

Federal Lawsuits in Fortra Health Data Breach Piling Up

Data Breach Today

Several Proposed Class Actions Filed Against NationsBenefits, Aetna, Others Proposed class action lawsuits are piling up over hackers' use of a vulnerability in Fortra's GoAnywhere secure file transfer and a resulting data breach affecting 3 million individuals. NationsBenefits Holdings disclosed that hackers accessed personal information by using the widely exploited flaw.

More Trending

article thumbnail

Samsung Patches Memory Address Randomization Bypass Flaw

Data Breach Today

Flaw Was Exploited in Chain of Zero-Days Used to Implant Commercial Spyware Android smartphone device manufacturer Samsung has a patch for a flaw used by commercial surveillance hackers to implant malware in the United Arab Emirates. The U.S. Cybersecurity and Infrastructure Security Agency on Friday gave federal agencies until June 9 to patch the vulnerability.

article thumbnail

Cyber Warfare Lessons From the Russia-Ukraine Conflict

Dark Reading

Techniques used in cyber warfare can be sold to anyone — irrespective of borders, authorities, or affiliations. We need to develop strategies to respond at scale.

124
124
article thumbnail

China Bans Micron Chip Sales

Data Breach Today

Micron Says It Is Surprised by the Chinese Cyberspace Administration's Decision China's cybersecurity agency on Sunday banned sales of U.S. chipmaker Micron's products following a cybersecurity review. The decision is the latest in an escalating series of national security-driven moves by Beijing and Washington, D.C., to restrict the market access of their trans-Pacific rival.

Sales 141
article thumbnail

A Threat to Passkeys? BrutePrint Attack Bypasses Fingerprint Authentication

eSecurity Planet

Security researchers recently published a paper detailing an attack they say can be used to bypass smartphone fingerprint authentication. Yiling He of China’s Zhejiang University and Yu Chen of Tencent Security’s Xuanwu Lab are calling the attack BrutePrint , which they say can be used to hijack fingerprint images. An attack like BrutePrint could present a significant threat to passkeys , an increasingly popular way to replace passwords with authentication methods like fingerprint au

article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

Open-Source Info Stealer RAT Hides in Malicious npm Packages

Data Breach Today

TurkoRat Capable of Credential Harvesting, Contains Features Such as Wallet Grabber Researchers have identified two legitimate-looking malicious npm packages that concealed an open-source info stealer for two months before being detected and removed. Developers downloaded the TurkoRat malware about 1,200 times from open-source repositories.

141
141
article thumbnail

PyPI Shuts Down Over the Weekend, Says Incident Was Overblown

Dark Reading

The climate of concern around open source security and supply chain attacks may have caused a small story to become a big one.

Security 121
article thumbnail

Michael Landon’s Secret Best Friends

Information Governance Perspectives

Actor Michael Landon, best known for his portrayal of Charles Ingalls on television’s Little House on the Prairie was my parent’s closest friend and confidant for nearly three decades. Their friendship was full of highs and lows, marked by a great tragedy, and it’s a fabled story that has never been told. I’ve tried my darndest to bring their incredible relationship back to life in the pages of a colorful new memoir, The Bastard of Beverly Hills , available May 23rd from

IT 98
article thumbnail

Improving Cybersecurity Requires Building Better Public-Private Cooperation

Dark Reading

Security vendors, businesses, and US government agencies need to work together to fight ransomware and protect critical infrastructure.

article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

article thumbnail

New Top-Level Domains as Potential Phishing Risk

KnowBe4

Google has recently introduced a set of new top-level domains: dad,esq,prof,phd,nexus,foo,zip and.mov. They’re now available for purchase, and it’s the last two that are attracting attention due to the risk of abuse in phishing attacks.

article thumbnail

Meta Hit With $1.3B Record-Breaking Fine for GDPR Violations

Dark Reading

The technology conglomerate has until later this year to end its transfer of European user's data across the Atlantic.

GDPR 120
article thumbnail

Google Is Not Deleting Old YouTube Videos

Schneier on Security

Google has backtracked on its plan to delete inactive YouTube videos—at least for now. Of course, it could change its mind anytime it wants. It would be nice if this would get people to think about the vulnerabilities inherent in letting a for-profit monopoly decide what of human creativity is worth saving.

IT 92
article thumbnail

BlackCat Ransomware affiliate uses signed kernel driver to evade detection

Security Affairs

Experts spotted the ALPHV/BlackCat ransomware group using signed malicious Windows kernel drivers to evade detection. Trend Micro researchers shared details about ALPHV/BlackCat ransomware incident that took place on February 2023. A BlackCat affiliate employed signed malicious Windows kernel drivers to evade detection. Experts believe the driver is a new version of the malware reported in December 2022 by Mandiant , Sophos and Sentinel One , via a coordinated disclosure.

article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

IBM's Polar Buy Creates Focus on a New 'Shadow Data' Cloud Security Area

Dark Reading

The purchase gives IBM access to a new category of products called "data security posture management" for security data in cloud and SaaS repositories.

Cloud 96
article thumbnail

CISA adds iPhone bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

US CISA added three zero-day vulnerabilities affecting iPhones, Macs, and iPads to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added three zero-day vulnerabilities affecting iPhones, Macs, and iPads to its Known Exploited Vulnerabilities Catalog. The three issues reside in the WebKit browser engine and are tracked as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373.

IT 83
article thumbnail

[New & Improved] QR Code Phishing with Snail Mail Postcards

KnowBe4

One of KnowBe4's long-term employees just send me a picture this morning of a postcard that sure looks like it's phishing, the good old-fashioned way: snail mail ! Here is the picture and you tell me what all the red flags are!

article thumbnail

Facing your data challenge with a data catalog

Collibra

Recently, we were thrilled to publish Data Catalogs For Dummies, Collibra Special Edition. You might ask: Why the focus on data catalogs? It’s a good question. The answer is that if you’re in business today, you’re probably drowning in data. In fact, data is increasingly becoming a business-critical asset that needs to be visible, understood, and trusted to drive your organization’s profitability, innovation, and growth.

article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

Cyber Insurance: Is Paying a Ransom Counter-Productive?

KnowBe4

Food for thought as discussed on May 18, 2023, an article posted in The Australian Insurance Council: Banning paying a ransom to cyber hackers is counter-productive where Andrew Hall, the Chief Executive of the Insurance Council of Australia (ICA), stated that “attempts to ban businesses from paying ransoms for cyber attacks risks eroding trust and relationships with government.

article thumbnail

Dish Network says the February ransomware attack impacted +300,000 individuals

Security Affairs

Satellite TV giant Dish Network disclosed a data breach after the February ransomware attack and started notifying impacted individuals. The American satellite broadcast provider Dish Network went offline on February 24, 2023 , the outage impacted Dish.com, Dish Anywhere app, and many other services owned by the company. In early February, the company admitted that the outage was caused by a ransomware attack.

article thumbnail

Meta’s $1.3 Billion Fine Is a Strike Against Surveillance Capitalism

WIRED Threat Level

The record-breaking GDPR penalty for data transfers to the US could upend Meta's business and spur regulators to finalize a new data-sharing agreement.

GDPR 86
article thumbnail

EU hits Meta with $1.3 billion fine for transferring European user data to the US

Security Affairs

The European Union condemned Meta with a record $1.3 billion fine for transferring European user data to the US. The European Union fined Meta $1.3 billion for transferring user data to the US. This is the biggest fine since the adoption of the General Data Protection Regulation (GDPR) by the European Union (EU) on May 25, 2018. In the past, the social media giant Meta threatened to block its services for users in Europe without a legal basis for data transfers.

GDPR 78
article thumbnail

How Embedded Analytics Gets You to Market Faster with a SAAS Offering

Start-ups & SMBs launching products quickly must bundle dashboards, reports, & self-service analytics into apps. Customers expect rapid value from your product (time-to-value), data security, and access to advanced capabilities. Traditional Business Intelligence (BI) tools can provide valuable data analysis capabilities, but they have a barrier to entry that can stop small and midsize businesses from capitalizing on them.

article thumbnail

[Free Tool] Find out who falls victim to QR code phishing attacks with our QR Code Phishing Security Test

KnowBe4

According to QRTIGER , an online QR code generator company, dynamic QR code scans increased 433% globally from 2021 to 2022. In 2022, the FBI released a warning that QR codes may be tampered with by cybercriminals to direct victims to malicious sites.

article thumbnail

How to use VPN with a VPC hub-and-spoke architecture

IBM Big Data Hub

Site-to-site Virtual Private Network (VPN) has been used to connect distributed networks for decades. This post describes how to use a VPC VPN Gateway to connect an on-premises (enterprise) network to the IBM Cloud VPC in a transit hub-and-spoke architecture: VPN Gateway connectivity to a VPC transit hub and spoke. Each spoke can be operated by a different business unit or team.

Cloud 77
article thumbnail

Facebook owner Meta fined €1.2bn for mishandling user information

The Guardian Data Protection

Penalty from Ireland’s privacy regulator is a record for breach of EU data protection regulation Business live – latest updates Facebook’s owner, Meta, has been fined a record €1.2bn (£1bn) and ordered to suspend the transfer of user data from the EU to the US. The fine – equivalent to $1.3bn – imposed by Ireland’s Data Protection Commission (DPC), which regulates Meta across the EU, is a record for a breach of the bloc’s General Data Protection Regulation (GDPR).

GDPR 76