Mon. Apr 03, 2023

Western Digital Discloses Breach a Day After My Cloud Outage

Data Breach Today

Online Services Are Offline. Hard disk drive maker Western Digital disclosed a hacking incident the company says likely resulted in data theft. Online services offered by the California company - including personal and enterprise cloud storage and email and push notifications - are down as of publication.

A Serial Tech Investment Scammer Takes Up Coding?

Krebs on Security

John Clifton Davies, a 60-year-old con man from the United Kingdom who fled the country in 2015 before being sentenced to 12 years in prison for fraud, has enjoyed a successful life abroad swindling technology startups by pretending to be a billionaire investor. Davies’ newest invention appears to be “CodesToYou,” which purports to be a “full cycle software development company” based in the U.K.

GUEST ESSAY: The role advanced ‘VM’ is ideally suited to play in combating modern cyber attacks

The Last Watchdog

Modern cyber attacks are ingenious — and traditional vulnerability management, or VM, simply is no longer very effective. Unlike a typical cyber attack that exploits a software vulnerability, recent cyber attacks exploit other security risks, such as misconfigurations, security deviations, and posture anomalies.

Chinese E-Commerce Giant Pinduoduo Allegedly Spies on Users

Data Breach Today

Popular Budget App Was Suspended From Play Store in March. Days after Google suspended the popular budget e-commerce application Pinduoduo from its Play Store, researchers are alleging that the Chinese app can bypass phones' security and monitor activities of other apps, including accessing private messages and changing settings.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

ICE Is Grabbing Data From Schools and Abortion Clinics

WIRED Threat Level

An agency database WIRED obtained reveals widespread use of so-called 1509 summonses that experts say raises the specter of potential abuse.

More Trending

List of Data Breaches and Cyber Attacks in March 2023 – 41.9 Million Records Breached

IT Governance

Welcome to our March 2023 list of data breaches and cyber attacks. Our research identified exactly 100 publicly disclosed incidents during the month, accounting for 41,970,182 breached records. You can find the full list of data breaches and cyber attacks below, including our new feature in which we delve into the month’s biggest incidents in a little more detail.

Chinese E-Commerce Giant Pinduoduo Allegedly Spies on Users

Data Breach Today

Popular Budget App Was Suspended from Play Store in March. Days after Google suspended the popular budget e-commerce application Pinduoduo from its Play Store, researchers are alleging that the Chinese app can bypass phones' security and monitor activities of other apps, including access to private messages and changing settings.

'Proxyjacking' Cybercriminals Exploit Log4J in Emerging, Lucrative Cloud Attacks

Dark Reading

Proxyjacking is an emerging, low-effort and high-reward attack for threat actors, with the potential for far-reaching implications.

How Post-Quantum Encryption Mandates Affect Healthcare

Data Breach Today

A 3-month-old federal law meant to future-proof federal computers from quantum computer decryption will have an effect on healthcare sector entities, too, says Mac McMillan, founder and CEO emeritus of privacy and security consulting firm CynergisTek.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Ukrainian Police Take Down Cybercrime Ring

KnowBe4

The Cyber Police of Ukraine have arrested twelve alleged members of an organized cybercrime group that’s stolen approximately $4.3 million from users across Europe, the Hacker News reports.

Cybereason Taps SoftBank's Eric Gan to Replace CEO Lior Div

Data Breach Today

$100M SoftBank Cash Infusion Coincides With First-Ever CEO Change at Cybereason. For the first time in its 11-year history, endpoint security vendor Cybereason will have a new leader. Upon receiving a $100 million cash infusion from SoftBank, the Boston-based firm announced that longtime SoftBank executive Eric Gan will take over as CEO to replace co-founder Lior Div.

Fake ChatGPT Scam Turns into a Fraudulent Money-Making Scheme

KnowBe4

Using the lure of ChatGPT’s AI as a means to find new ways to make money, scammers trick victims using a phishing-turned-vishing attack that eventually takes the victim’s money.

Western Digital took its services offline due to a security breach

Security Affairs

Western Digital disclosed a security breach; according to the company, an unauthorized party gained access to multiple systems. Western Digital has shut down several of its services after discovering a security breach; the company disclosed that an unauthorized party gained access to multiple systems. “Western Digital is currently experiencing a service outage impacting the following products: My Cloud, My Cloud Home, My Cloud Home Duo, My Cloud OS5, SanDisk ibi, SanDisk Ixpand Wireless Cha

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

4 Steps for Shifting Left & Winning the Cybersecurity Battle

Dark Reading

If companies prioritize communications and make the DevOps process more transparent, team members will better know what vulnerabilities to look for.

UK outsourcing services provider Capita suffered a cyber incident

Security Affairs

UK outsourcing services provider Capita confirmed that the outage suffered on Friday was caused by a cyberattack. Capita, the UK outsourcing giant, confirmed that its staff was locked out of their accounts on Friday after a cyber incident. Capita is one of the government’s biggest suppliers, with £6.5bn of public sector contracts, reported The Guardian.

3CX Breach Widens as Cyberattackers Drop Second-Stage Backdoor

Dark Reading

"Gopuram" is a backdoor that North Korea's Lazarus Group has used in some campaigns dating back to 2020, some researchers say.

Latitude Forced To Stop Adding New Customers in Aftermath of Breach

KnowBe4

Looks like Latitude Finance is trying to give consumers more "latitude" in their exposure to cyber risks. The Australian finance company admittedly fell victim to an attack that has exposed customer data and Latitude Financial has been forced to stop adding new customers from clients such as Apple, Harvey Norman and JB Hi-Fi as it tries to contain the damage from criminals, who still appear to be active in its computer systems.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Moobot botnet spreads by targeting Cacti and RealTek flaws

Security Affairs

The Moobot botnet is actively exploiting critical vulnerabilities in Cacti and Realtek in attacks in the wild. FortiGuard Labs researchers observed an ongoing hacking campaign targeting Cacti (CVE-2022-46169) and Realtek (CVE-2021-35394) vulnerabilities to spread ShellBot and Moobot malware. ShellBot, also known as PerlBot, is a Perl-based DDoS bot that uses the IRC protocol for C2 communications.

Majority of Government Employees are Partially Working Virtually Despite Increased User-Related Cyber Risks

KnowBe4

New global data shows that those government employees that work solely in the office are the new minority, IT lacks visibility, and user actions put the government at risk.

For Cybercrime Gangs, Professionalization Comes With 'Corporate' Headaches

Dark Reading

They rake in millions, but now, as much as zero-days and ransoms, cybercriminals are dealing with management structures and overhead.

Microsoft fixed Azure AD bug that led to Bing.com results manipulation and account takeover

Security Affairs

Microsoft addressed a misconfiguration flaw in the Azure Active Directory (AAD) identity and access management service. Microsoft has addressed a misconfiguration issue impacting the Azure Active Directory (AAD) identity and access management service that exposed multiple Microsoft applications, including the Bing management portal, to unauthorized access.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Data Breach Strikes Western Digital

Dark Reading

The company behind digital storage brand SanDisk says its systems were compromised on March 26.

UK Runs Fake DDoS-for-Hire Sites

Schneier on Security

Brian Krebs is reporting that the UK’s National Crime Agency is setting up fake DDoS-for-hire sites as part of a sting operation: The NCA says all of its fake so-called “booter” or “stresser” sites - which have so far been accessed by several thousand people - have been created to look like they offer the tools and services that enable cyber criminals to execute these attacks. “However, after users register, rather than being given access to cyber crime t

How Good Is Your Advanced Threat Management?

Dark Reading

Whether protecting a financial institution or a hospital, everyone needs an effective strategy for fending off slippery threats like those that hide in memory.

Mid-Sized Businesses Lack the Staffing, Expertise, and Resources to Defend Against Cyberattacks

KnowBe4

Mid-sized businesses – those with 250 to 2000 employees – don’t appear to have what they need to fend off attacks in a number of critical ways.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

DoJ Recovers $112M in Crypto Stolen With Romance Scams

Dark Reading

Authorities claw back funds from six crypto accounts they say were linked to a "pig-butchering" cybercrime ring.

Mullvad VPN and Tor Project Create New Privacy-Focused Mullvad Browser

WIRED Threat Level

Mullvad Browser, a collaboration between the nonprofit and Mullvad VPN, offers an anti-tracking browser designed to be used with a VPN.

Top 5 reasons to come to OpenText World EMEA 2023 – Innovation Summits

OpenText Information Management

Reimagine information management. Explore new ways you can use information to work smarter and truly deliver on the promise of the Information Age. Join us at OpenText World EMEA 2023 – Innovation Summits (in person or online!) to find intelligent, connected, secure, responsible, and scalable solutions for your organization. If you can, join us in-person …