Fri.Mar 24, 2023

article thumbnail

How BreachForums' 'Pompompurin' Led the FBI to His Home

Data Breach Today

Police: Fitzpatrick Waived Right to Silence, Confessed to Starting & Running Forum The alleged administrator of criminal online forum BreachForums may have thought he took steps to hide his real identity, but instead he left a trail of digital breadcrumbs that led to his arrest and prosecution, shows information unsealed in federal court.

180
180
article thumbnail

Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Dark Reading

In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest.

145
145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GitHub Replaces Private RSA SSH Key After Public Exposure

Data Breach Today

'Abundance of Caution' Cited for Move; No System Compromise or Data Breach Detected GitHub has replaced its private RSA SSH host key after discovering it was being inadvertently exposed to the public via a GitHub repository. Used to safeguard SSH access to Git operations, a bad actor could use the key to impersonate GitHub or eavesdrop. But GitHub reported no signs of abuse.

article thumbnail

UK’s New Pro-innovation Approach to Regulating Digital Technologies

Data Matters

On 15 March 2023, the UK Government published, alongside its Spring Budget, a report on the Pro-innovation Regulation of Technologies Review (the “ Report ”). The Report was led by the government’s Chief Scientific Advisor and National Technology Officer, Sir Patrick Vallance, who was tasked with “bringing together the best minds to advise how the UK can better regulate emerging technologies, enabling their rapid and safe introduction.

article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

Corelight Pursues IR Partnerships, Smaller Enterprise Deals

Data Breach Today

CEO Brian Dye Touts CrowdStrike Partnership, Midsized Enterprises as Key to Growth Corelight has cemented partnerships with incident response firms and extended its capabilities from large enterprises to midsized enterprises to further the reach of its technology. Corelight allows its product to be used by CrowdStrike's incident response team during network-based investigations.

IT 140

More Trending

article thumbnail

Device Maker Zoll Facing 7 Lawsuits in Wake of Breach

Data Breach Today

Proposed Class Actions Come in Aftermath of Hacking Incident Affecting More Than 1 Million Medical device maker Zoll Medical is facing at least seven proposed class action lawsuits filed since it revealed two weeks ago that the data of 1 million individuals had been caught up in a hacking incident involving the company's internal network.

IT 140
article thumbnail

Zoom Zoom: 'Dark Power' Ransomware Extorts 10 Targets in Less Than a Month

Dark Reading

A new threat actor is racking up victims and showing unusual agility. Part of its success could spring from the use of the Nim programming language.

article thumbnail

US Sends Cyber Team to Aid Albania's Cyber Defenses

Data Breach Today

Mission Helped Find Threats, Vulnerabilities in Albania's Critical Infrastructure The United States sent its top cyber offensive team to NATO ally Albania to help secure the nation's critical infrastructure networks. The Cyber National Mission Force helped find cyberthreats and vulnerabilities on networks likely targeted last year by Iranian threat actors.

Security 140
article thumbnail

Ransomware Data Theft Extortion Goes up 40% to 70% From ‘21 to ’22

KnowBe4

A report from Palo Alto Networks’ Unit 42 found that data theft extortion occurred in 70% of ransomware attacks in 2022, compared to 40% in 2021. The researchers examined the four most common methods of cyber extortion (encryption, data theft, harassment, and DDoS attacks) noting that threat actors often combine these tactics within a single attack campaign.

article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

ISMG Editors: What's Next in Russia's Cyber War?

Data Breach Today

Also, Lawsuit Against Clinic With Poor Security; Gartner Endpoint Protection Trends In the latest weekly update, ISMG editors discuss how Russia's invasion of Ukraine upended the cybercrime ecosystem, a lawsuit against a U.S. cardiovascular clinic that seeks a long list of security improvements, and the latest endpoint protection technology trends in the Gartner Magic Quadrant.

Security 140
article thumbnail

Malicious ChatGPT Extensions Add to Google Chrome Woes

Dark Reading

The second malicious ChatGPT extension for Chrome has been discovered, giving malicious actors access to users' Facebook accounts through stolen cookies.

Access 107
article thumbnail

Lawmakers Weigh Laws Proposed in Biden's Cyber Strategy

Data Breach Today

Don't 'Overregulate,' GOP Subcommittee Chairwoman Tells White House Official Members of a U.S. House subcommittee got their first look at the Biden administration's new National Cybersecurity Strategy and quizzed the White House cybersecurity director on the timeline, proposed regulations and incentives for private businesses.

article thumbnail

Pwn2Own Vancouver 2023 Day 2: Microsoft Teams, Oracle VirtualBox, and Tesla hacked

Security Affairs

On the second day of Pwn2Own Vancouver 2023, the organization awarded $475,000 for 10 unique zero-day vulnerabilities. On the second day of Pwn2Own Vancouver 2023, the organization awarded $475,000 for 10 unique zero-day vulnerabilities, bringing the total awarded to $850,000! The bug hunters demonstrated zero-day attacks against the Oracle VirtualBox virtualization platform, Microsoft Teams, Tesla Model 3, and the Ubuntu Desktop OS.

article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

article thumbnail

Red Teaming at Scale to Uncover Your Big Unknowns

Dark Reading

A contrarian mindset with applied imagination allows security professionals to assess problems in their organization, prevent failure, or mitigate vulnerabilities.

Security 100
article thumbnail

Exploding USB Sticks

Schneier on Security

In case you don’t have enough to worry about, people are hiding explosives —actual ones—in USB sticks: In the port city of Guayaquil, journalist Lenin Artieda of the Ecuavisa private TV station received an envelope containing a pen drive which exploded when he inserted it into a computer, his employer said. Artieda sustained slight injuries to one hand and his face, said police official Xavier Chango.

article thumbnail

CISA announced the Pre-Ransomware Notifications initiative

Security Affairs

The US Cybersecurity and Infrastructure Security Agency (CISA) announced the Pre-Ransomware Notifications service to help organizations stop ransomware attacks before damage occurs. The US Cybersecurity and Infrastructure Security Agency announced a new Pre-Ransomware Notification initiative that aims at alerting organizations of early-stage ransomware attacks.

article thumbnail

New Vendor Email Compromise Attack Seeks $36 Million

KnowBe4

The details in this thwarted VEC attack demonstrate how the use of just a few key details can both establish credibility and indicate the entire thing is a scam.

article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

Critical flaw in WooCommerce Payments plugin allows site takeover

Security Affairs

A patch for a critical vulnerability in the WooCommerce Payments plugin for WordPress has been released for over 500,000 websites. On March 23, 2023, researchers from Wordfence observed that the “ WooCommerce Payments – Fully Integrated Solution Built and Supported by Woo” plugin had been updated to version 5.6.2. The WooCommerce Payments plugin is a fully integrated payment solution for the WooCommerce open source e-commerce platform, the plugin is developed by Automattic.

article thumbnail

Friday Squid Blogging: Creating Batteries Out of Squid Cells

Schneier on Security

This is fascinating : “When a squid ends up chipping what’s called its ring tooth, which is the nail underneath its tentacle, it needs to regrow that tooth very rapidly, otherwise it can’t claw its prey,” he explains. This was intriguing news ­ and it sparked an idea in Hopkins lab where he’d been trying to figure out how to store and transmit heat. “It diffuses in all directions.

IT 83
article thumbnail

China-linked hackers target telecommunication providers in the Middle East

Security Affairs

Researchers reported that China-linked hackers targeted telecommunication providers in the Middle East in the first quarter of 2023. In the first quarter of 2023, SentinelLabs researchers spotted the initial phases of attacks against telecommunication providers in the Middle East. According to the researchers, the activity is part of the Operation Soft Cell that was first reported in June 2019 by Cybereason.

IT 82
article thumbnail

The Dangers of Vishing Campaigns and How To Protect Yourself

KnowBe4

In recent years, cybercrime has evolved to become more sophisticated than ever before. One of the up and coming methods used by criminals is vishing (voice phishing ). This is where an attacker phones up a victim to simulate a trusted source such as a bank to phish for sensitive information. No one is immune from a vishing attack, even the Social Security Administration.

article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

City of Toronto is one of the victims hacked by Clop gang using GoAnywhere zero-day

Security Affairs

Clop ransomware gang added the City of Toronto to the list of its victims, it is another organization compromised by exploiting GoAnywhere zero-day. Clop ransomware gang added the City of Toronto to the list of victims published on its Tor leak site. The City was targeted as part of a campaign exploiting the recently disclosed zero-day vulnerability in the Fortra’s GoAnywhere secure file transfer tool.

article thumbnail

Application Security Requires More Investment in Developer Education

Dark Reading

If you haven't done so already, it's time to take the first step toward solving this application security dilemma.

article thumbnail

A Hacker’s Mind News

Schneier on Security

My latest book continues to sell well. Its ranking hovers between 1,500 and 2,000 on Amazon. It’s been spied in airports. Reviews are consistently good. I have been enjoying giving podcast interviews. It all feels pretty good right now. You can order a signed book from me here. For those of you in New York, I’m giving at book talk at the Ford Foundation on Thursday, April 6.

IT 62
article thumbnail

Do not expect privacy if charged with a crime, says police standards body

The Guardian Data Protection

College of Policing statement comes after ICO proposes forces across England and Wales no longer ‘should’ name those charged People charged with a crime should have no reasonable expectation of privacy, the national policing standards body has said. The statement from the College of Policing came after media organisations raised concerns over proposed changes to the college’s guidance that stated forces across England and Wales no longer “should” name those charged with crimes including indecent

Privacy 54
article thumbnail

How Embedded Analytics Gets You to Market Faster with a SAAS Offering

Start-ups & SMBs launching products quickly must bundle dashboards, reports, & self-service analytics into apps. Customers expect rapid value from your product (time-to-value), data security, and access to advanced capabilities. Traditional Business Intelligence (BI) tools can provide valuable data analysis capabilities, but they have a barrier to entry that can stop small and midsize businesses from capitalizing on them.

article thumbnail

CyberSecure Announces Strategic Alliance

Dark Reading

The joint partnership represents expanded market opportunities.

article thumbnail

Top Three Trends Discussed at 2023 Legalweek

eDiscovery Law

K&L Gates participated in this week’s 2023 Legalweek in New York City. As members of our firm’s e-Discovery Analysis & Technology (“e-DAT”) Group attended panel discussions regarding emerging legal issues and met with vendors regarding evolving legal technologies, they noted three trends that were being discussed by everyone at the conference.

article thumbnail

A risk management nightmare at Silicon Valley Bank via Fortune

IG Guru

Check out the article here

Risk 74