Wed.Jan 27, 2021

article thumbnail

Ransomware: Should Governments Hack Cybercrime Cartels?

Data Breach Today

Banning Ransom Payments and Unleashing Offensive Hacking Teams Being Mooted With ransomware continuing to fuel a massive surge in illicit profits, some experts have been calling on governments to launch offensive hacking teams to target cybercrime cartels. They're also calling for a review of cyber insurance payouts being used to fund ransoms.

article thumbnail

Arrest, Seizures Tied to Netwalker Ransomware

Krebs on Security

U.S. and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. In connection with the seizure, a Canadian national suspected of extorting more than $27 million through the spreading of NetWalker was charged in a Florida court. The victim shaming site maintained by the NetWalker ransomware group, after being seized by authorities this week.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Tips on Securing Endpoints, Ensuring Compliance

Data Breach Today

Matthew Burns of HCL Software discusses securing endpoints and ensuring compliance during exceptional times in an interview following a recent series of virtual roundtables on the subject.

article thumbnail

ADT Security Camera Flaw Opened Homes, Stores to Eavesdropping

Threatpost

Researchers publicly disclosed flaws in ADT's LifeShield DIY HD Video Doorbell, which could have allowed local attackers to access credentials, video feeds and more.

Security 127
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Netscout: 10 Million DDoS Attacks in 2020

Data Breach Today

Researchers Say Pandemic Triggered Surge in Activity The number of distributed denial-of-service attacks launched in 2020 surpassed 10 million, up from 8.5 million in 2019, according to NetScout's Atlas Security Engineering and Response Team.

Security 306

More Trending

article thumbnail

Pirated Software Sites Deliver Fresh DanaBot Malware

Data Breach Today

Banking Trojan Hidden in Pirated Software Keys Websites advertising pirated and cracked software are being used to deliver an updated version of the DanaBot banking Trojan, which can steal individuals' online banking credentials, according to Proofpoint.

292
292
article thumbnail

Law enforcement announced global action against NetWalker Ransomware

Security Affairs

A joint operation of U.S. and EU law enforcement authorities allowed the seizure of the leak sites used by NetWalker ransomware operators. Law enforcement authorities in the U.S. and Europe have seized the dark web sites used by NetWalker ransomware operators. The authorities also charged a Canadian national involved in the NetWalker ransomware operations. “The Department of Justice today announced a coordinated international law enforcement action to disrupt a sophisticated form of ransom

article thumbnail

Phishing Campaign Features Fake Office 365 Update

Data Breach Today

Trend Micro Says Campaign Designed to Steal Executives' Credentials A targeted phishing campaign is using a fake Microsoft Office 365 update to steal email credentials from business executives, and the credentials are then being offered for sale in underground forums, security firm Trend Micro reports.

Phishing 259
article thumbnail

Pwn2Own 2021, more than $1,500,000 in cash and prizes for contestants

Security Affairs

Trend Micro’s Zero Day Initiative announced the Pwn2Own Vancouver 2021 hacking competition that will also cover Zoom, MS Teams Exploits. Trend Micro’s Zero Day Initiative (ZDI) on this week announced the forthcoming Pwn2Own Vancouver 2021 hacking competition that will take place on April 6-8. The organizers provided information about the targets, prizes and rules for the competition.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Cypriot Hacker Pleads Guilty to Data Theft, Extortion

Data Breach Today

Joshua Polloso Epifaniou Was Extradited to the US in June 2020 A Cypriot hacker has pleaded guilty to a pair of federal charges after admitting that he hacked the websites of several U.S. organizations, stole data and then threatened to disclose it unless a ransom was paid, federal prosecutors say.

IT 261
article thumbnail

Apple addresses three iOS zero-day flaws exploited in the wild

Security Affairs

Apple has addressed three zero-day vulnerabilities in its iOS operating system that have been exploited in the wild. Apple has addressed three zero-day vulnerabilities in iOS that have been exploited in the wild with the release of security updates (iOS 14.4). The first zero-day issue, tracked as CVE-2021-1782, is a race condition that resides in the iOS operating system kernel. “A malicious application may be able to elevate privileges.

Security 117
article thumbnail

Police Disrupt Emotet Botnet

Data Breach Today

Authorities Gain Control of Hundreds of Servers A multinational law enforcement operation has disrupted the Emotet botnet's infrastructure by gaining control of hundreds of servers, Europol reports. Some cybersecurity experts, however, expect the botnet operation to rebound.

article thumbnail

Go further, faster without leaving your home office

OpenText Information Management

Legalweek(year), like everything else in our lives at present, will look different this year. We won’t be gathering in NYC to socialize and have face-to-face conversations; we won’t be going out for dinner or drinks. You might be asking yourself – why attend? During your busy work schedule, why set time aside to engage in … The post Go further, faster without leaving your home office appeared first on OpenText Blogs.

109
109
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Forrester Nordics Discussion: Re-Evaluating Appsec & Devops

Data Breach Today

Application Security Weaknesses Persist View this webinar to learn about the latest challenges and trends impacting AppSec.

Security 236
article thumbnail

Emotet Botnet dismantled in a joint international operation

Security Affairs

A global operation of law enforcement has dismantled the infrastructure of the infamous Emotet botnet. A global operation of law enforcement, lead by Europol, has dismantled the infrastructure of the infamous Emotet botnet. The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. In the middle-August, the malware was employed in fresh COVID19-themed spam campaign.

Libraries 111
article thumbnail

Fleeing WhatsApp for Privacy? Don't Turn to Telegram

WIRED Threat Level

Because the chat app doesn't encrypt conversations by default—or at all for group chats—security professionals often warn against it.

Privacy 128
article thumbnail

Dutch Insider Attack on COVID-19 Data

Schneier on Security

Insider data theft : Dutch police have arrested two individuals on Friday for allegedly selling data from the Dutch health ministry’s COVID-19 systems on the criminal underground. […]. According to Verlaan, the two suspects worked in DDG call centers, where they had access to official Dutch government COVID-19 systems and databases. They were working from home: “Because people are working from home, they can easily take photos of their screens.

Risk 105
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Remote Attackers Can Now Reach Protected Network Devices via NAT Slipstreaming

Threatpost

A new version of NAT slipstreaming allows cybercriminals an easy path to devices that aren't connected to the internet.

Security 123
article thumbnail

5 key privacy trends for 2021

IT Governance

As organisations become increasingly reliant on the use of personal data, the risks they face grow exponentially. We saw last year a record number of data breaches and a surge in penalties for regulatory violations , but 2021 is set to be even more perilous as the public demand for data privacy grows, COVID-19 scams continue and data protection laws get more complex following Brexit.

Privacy 98
article thumbnail

4 Clues to Spot a Bot Network

Dark Reading

Protect against misinformation and disinformation campaigns by learning how to identify the bot networks spreading falsehoods.

116
116
article thumbnail

Sudo Bug Gives Root Access to Mass Numbers of Linux Systems

Threatpost

Qualys said the vuln gives any local user root access to systems running the most popular version of Sudo.

Access 112
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Intl. Law Enforcement Operation Disrupts Emotet Botnet

Dark Reading

Global law enforcement agencies have seized control of Emotet infrastructure, disrupting one of the world's most pervasive and dangerous cyber threats.

104
104
article thumbnail

TeamTNT Cloaks Malware With Open-Source Tool

Threatpost

The detection-evasion tool, libprocesshider, hides TeamTNT's malware from process-information programs.

111
111
article thumbnail

Data Privacy Day 2021: Pandemic Response Data Must Align with Data Privacy Rules

Dark Reading

Amid a pandemic, Data Privacy Day this year brings forth expanded responsibilities for organizations in the response to COVID-19.

article thumbnail

Emotet Takedown Disrupts Vast Criminal Infrastructure; NetWalker Site Offline

Threatpost

Hundreds of servers and 1 million Emotet infections have been dismantled globally, while tales have emerged on Twitter that NetWalker's Dark Web leaks site is offline.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

LogoKit Group Aims for Simple Yet Effective Phishing

Dark Reading

A phishing kit that uses embedded JavaScript targeted the users of more than 300 sites in the past week, aiming to grab credentials for SharePoint, Adobe Document Cloud, and OneDrive.

Phishing 113
article thumbnail

NetWalker Ransomware Suspect Charged: Tor Site Seized

Threatpost

The suspect allegedly has extorted $27.6 million from ransomware victims, mostly in the healthcare sector.

article thumbnail

A Micro Focus-Led Tour of Legalweek(year)

Micro Focus

The premier event for legal technology is going virtual for the first time. As a proud sponsor of Legalweek(year) 2021, we at Micro Focus would like to give you a brief tour of the event. First stop: Event preview Let’s start the tour with an overview of the conference. Thousands of legal professionals will gather. View Article.