Krebs on Security

DECEMBER 13, 2022

InfraGard , a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO tha

Sales 359

Sales Energy and Utilities Communications Data breaches 359

Data Breach Today

DECEMBER 13, 2022

Victims Still Learning Their Personal Data Was Illegally Accessed, Copied in 2021 A ransomware attack on the Irish healthcare system in 2021 has cost the government 80 million euros in damages and counting. The Irish Health Service continues to notify victims of the incident that their personal information was illegally accessed and copied.

Ransomware 353

Ransomware Personal data Government Access 353

Security Affairs

DECEMBER 13, 2022

LockBit ransomware gang hacked the California Department of Finance and threatens to leak data stolen from its systems. The LockBit ransomware gang claims to have stolen 76Gb from the California Department of Finance and is threatening to leak the stolen data if the victims will not pay the ransom by December 24. On December 12, the California Department of Finance confirmed the security incident with a statement. “The California Cybersecurity Integration Center (Cal-CSIC) is actively resp

Ransomware 132

Ransomware Military Cybersecurity Security 132

Data Breach Today

DECEMBER 13, 2022

Attackers Use DNS Tunneling as Command-and-Control Channel, Says Pentera Assets kept behind air-gapped networks should be inaccessible, but researchers from Pentera describe how hackers use the DNS protocol as a command-and-control channel. To be truly safe, companies should isolate the DNS server used for air-gapped networks and filter traffic for anomalies.

157

157

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

Analytics

Security Affairs

DECEMBER 13, 2022

Citrix urges customers to update their installs to fix actively exploited zero-day (CVE-2022-27518) in Citrix ADC and Gateway. Citrix urges administrators to apply security updates for a zero-day vulnerability, tracked as CVE-2022-27518, in Citrix ADC and Gateway. The vulnerability is actively exploited by China-linked threat actors to gain access to target networks. “We are aware of a small number of targeted attacks in the wild using this vulnerability.” reads a blog post published

Authentication 131

Authentication Cybersecurity Security Access 131

Security Affairs

DECEMBER 13, 2022

A new Python backdoor is targeting VMware ESXi servers, allowing attackers to take over compromised systems. Juniper Networks researchers spotted a previously undocumented Python backdoor targeting VMware ESXi servers. The researchers discovered the backdoor in October 2022, experts pointed out the implant is notable for its simplicity, persistence and capabilities.

Passwords 130

Passwords IT Access Security 130

Data Breach Today

DECEMBER 13, 2022

Latest Variant Uses Capabilities of BlackMatter, Other Malware U.S. federal authorities are warning healthcare providers, vendors and public health sector organizations of attacks involving LockBit 3.0 ransomware, which includes features of other ransomware variants, including BlackMatter, along with the threat of triple-extortion demands.

Ransomware 130

Ransomware 130

Security Affairs

DECEMBER 13, 2022

VMware fixed three flaws in multiple products, including a virtual machine escape issue exploited at the GeekPwn 2022 hacking competition. VMware addressed three vulnerabilities in multiple products, including a virtual machine escape flaw, tracked as CVE-2022-31705, that was exploited at the GeekPwn 2022 hacking competition. A working exploit for the CVE-2022-31705 vulnerability was demonstrated by Ant Security researcher Yuhao Jiang during the Geekpwn, a hacking contest run by the Tencent Keen

Authentication 124

Authentication Access Security IT 124

Data Breach Today

DECEMBER 13, 2022

Gee Rittenhouse Explains Why Data Policy Must Be Consistent Across CASB, SWG, ZTNA The security industry has traditionally tried to protect sensitive data by putting control points on endpoints or networks, but Skyhigh Security has taken a different approach. The company applies consistent policies around how data is treated across its ZTNA, SWG and CASB offerings.

Security 130

Security IT 130

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Dark Reading

DECEMBER 13, 2022

Threat actors leak employee email addresses, corporate reports, and IT asset information on a hacker forum after an attack on an Uber technology partner.

Cloud 133

Cloud IT 133

Data Breach Today

DECEMBER 13, 2022

Crypto Exchange Ex-CEO Accused by US of 'Orchestrating a Massive, Years-Long Fraud' The founder of bankrupt cryptocurrency exchange FTX, Sam Bankman-Fried, has been arrested by police in the Bahamas, the day before he was due to remotely testify before Congress. Bahamian officials say he faces a "likely" extradition request from the U.S., which has filed charges against him.

130

130

Security Affairs

DECEMBER 13, 2022

Twitter confirmed that the recent leak of members’ profile information resulted from the 2021 data breach disclosed in August 2022. Twitter confirmed that the recent data leak of millions of profiles resulted from the 2021 data breach that the company disclosed in August 2022. At the end of July, a threat actor leaked data of 5.4 million Twitter accounts that were obtained by exploiting a now-fixed vulnerability in the popular social media platform.

Data breaches 102

Data breaches Sales Authentication Archiving 102

Hanzo Learning Center

DECEMBER 13, 2022

It’s been another interesting year in the world of legal technology, and we here at Hanzo have covered a variety of topics in 2022. For the next two weeks in December, we’ll highlight our top 20 ediscovery and compliance blogs. Here are the first ten. Thanks for reading!

Compliance 98

Compliance 98

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Dark Reading

DECEMBER 13, 2022

Organizations need servant leaders to step forward and make their teams' professional effectiveness and happiness a priority.

Cybersecurity 114

Cybersecurity IT 114

WIRED Threat Level

DECEMBER 13, 2022

The suit claims the company lacks adequate moderation to prevent widespread hate speech that has led to violence and death.

Security 103

Security 103

Dark Reading

DECEMBER 13, 2022

Here's what you need to patch now, including six critical updates for Microsoft's final Patch Tuesday of the year.

118

118

KnowBe4

DECEMBER 13, 2022

On December 8 th , the Cybersecurity & Infrastructure Security Agency (CISA) released a great phishing infographic about data collected, lessons learned and recommendations learned from simulated phishing attacks that CISA has done for organizations. It is a great, independent, unbiased infographic with a lot of good data and recommendations. If you and your organization follow the included recommendations, you will be better off.

Phishing 81

Phishing Data collection Cybersecurity Security 81

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Dark Reading

DECEMBER 13, 2022

Software teams can now fix bugs faster with faster release cycles, but breach pressure is increasing. Using SBOM and automation will help better detect, prevent, and remediate security issues throughout the software development life cycle.

Security 81

Security 81

WIRED Threat Level

DECEMBER 13, 2022

And new evidence suggests those hackers may have collaborated with the police who investigated him.

Security 88

Security 88

Dark Reading

DECEMBER 13, 2022

Deloitte's Future of Cyber study highlights the fact that cybersecurity is an essential part of business success and should not be limited to just mitigating IT risks.

Cybersecurity 81

Cybersecurity Risk IT 81

WIRED Threat Level

DECEMBER 13, 2022

The company has taken measures to mitigate the risks, but security researchers warn of a broader threat.

Ransomware 80

Ransomware Risk Security 80

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Dark Reading

DECEMBER 13, 2022

Citrix issues a critical update as NSA warns that the APT5 threat group is actively trying to target ADC environments.

90

90

Hunton Privacy

DECEMBER 13, 2022

On December 7, 2022, the Federal Trade Commission released a tentative agenda for its Open Commission Meeting, which will take place on December 14, 2022. The event will feature opening remarks by FTC Chair Lina Khan, and include a presentation by the Chief Technology Officer’s team on the FTC’s data security efforts. The meeting will be held virtually at 1:00 PM (EST), and will be open to the public to address comments to the FTC.

Security 55

Security IT 55

Dark Reading

DECEMBER 13, 2022

Offensive security researchers found 63 previously unreported vulnerabilities in printers, phones, and network-attached storage devices in the Zero Day Initiative's latest hackathon.

Security 82

Security 82

Collibra

DECEMBER 13, 2022

2022 is almost over — but what a year it has been for the partnership between Collibra and Snowflake! We’ve witnessed the release and development of numerous offerings and integrations designed to drive better experience and greater value for our customers. The integrations between Snowflake and Collibra were born of an understanding that shared customers benefit by having a more tightly integrated experience with end-2-end data governance by discovering, augmenting, protecting and monitoring d

Government 52

Government Metadata Sales Cloud 52

Advertisement

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

IT

Dark Reading

DECEMBER 13, 2022

OSV-Scanner generates a list of dependencies in a project and checks the OSV database for known vulnerabilities, Google says.

70

70

Outpost24

DECEMBER 13, 2022

2023 Cybersecurity Predictions. 13.Dec.2022. Florian Barre. Tue, 12/13/2022 - 09:57. Full Stack Security. Teaser. In light of the numerous large-scale cyberattacks witnessed in the last year, 2023 promises to be an exciting time for cybersecurity. Outpost24 experts share their thoughts on what we can expect in the new year, and how to best prepare against new threats.

Cybersecurity 52

Cybersecurity Security 52

Dark Reading

DECEMBER 13, 2022

Former Head of Security at Stripe and Distinguished Security Engineer at Google joins cloud security leader to help scale security excellence across customer base.

Security 53

Security Cloud 53