Krebs on Security

JUNE 8, 2023

It’s not often that a zero-day vulnerability causes a network security vendor to urge customers to physically remove and decommission an entire line of affected hardware — as opposed to just applying software updates. But experts say that is exactly what transpired this week with Barracuda Networks , as the company struggled to combat a sprawling malware threat which appears to have undermined its email security appliances in such a fundamental way that they can no longer be safely u

IT 302

IT Security Ransomware Encryption 302

Data Breach Today

JUNE 8, 2023

Also: More on MOVEit, Motherboard Vulnerabilities, Bugs and Ransomware This week: Barracuda Networks recalls hacked email security appliances, the latest on MOVEit, and a Gigabyte motherboard firmware security vulnerability is exposed. Also, researchers detail a patched flaw in the Microsoft Visual Studio extension installer, and ransomware hits across the globe.

Ransomware 264

Ransomware Security 264

The Last Watchdog

JUNE 8, 2023

When Threat Intelligence Platform ( TIP ) and Security Orchestration, Automation and Response ( SOAR ) first arrived a decade or so ago, they were heralded as breakthrough advances. Related: Equipping SOCs for the long haul TIP and SOAR may yet live up to that promise. I had an evocative discussion about this at RSA Conference 2023 with Willy Leichter , vice president of marketing, and Neal Dennis , threat intelligence specialist, at Cyware , which supplies a cyber fusion solution built around a

Cloud 134

Cloud Marketing Ransomware Cybersecurity 134

Data Breach Today

JUNE 8, 2023

Healthcare Sector Poised for Tide of Breaches Linked to The MOVEit Vulnerability Hackers stole personal information of up to 100,000 employees of Nova Scotia Health by exploiting the zero day in Progress Software's MOVEit managed file transfer application. The software is widely used in the healthcare sector, warned the U.S. federal government.

Government 147

Government 147

Advertisement

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

IT Governance

JUNE 8, 2023

Phishing is one of the most common and dangerous forms of cyber crime. For years, the deceptively simple attack method has tricked organisations and individuals into handing over sensitive information or downloading malware. All it takes is a well-crafted email, social media post or phone message, and an employee who is too negligent or unaware to spot that its true nature.

Phishing 111

Phishing Data breaches Communications Ransomware 111

Hunton Privacy

JUNE 8, 2023

On May 30, 2023, the Cyberspace Administration of China (“CAC ” ) issued the Guideline for Filing the Standard Contract for Cross-border Transfer of Personal Information (“SC”). On June 1, 2023, the SC became an effective mechanism for transferring personal data outside of China. When using the SC as a transfer mechanism, it must be filed with the CAC and the new Guideline provides guidance for doing so.

Personal data 98

Personal data IT Access Cybersecurity 98

Data Breach Today

JUNE 8, 2023

Also: Atomic Wallet, Tornado Cash, Coin Dispute Network, Crypto Hacks Down This week: A U.S. federal court issued a summons to Binance CEO Changpeng Zhao, Lazarus may be behind the $35 million Atomic Wallet heist, and Manhattan prosecutors seized a scam crypto recovery website. Also, the Blockchain Association weighs in on Tornado Cash, and crypto security attacks decline.

Blockchain 147

Blockchain Security 147

Dark Reading

JUNE 8, 2023

With more than 50,000 publicly leaked OpenAI keys on GitHub alone, OpenAI developer accounts are the third-most exposed in the world.

115

115

Data Breach Today

JUNE 8, 2023

Alleged Conspirators Each Face Up to 40 Years in Prison U.S. federal prosecutors unsealed indictments Wednesday against six Houston-area men for an alleged six-month spree of business email compromise thefts adding up to nearly $6 million. Business email compromise is a mainstay of social engineering fraud.

147

147

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Dark Reading

JUNE 8, 2023

Ready-to-defraud turnkey services from Russia's Impulse Team are offered on the cyber underground and have built a campaign that has operated undetected dating back to 2016.

97

97

Data Breach Today

JUNE 8, 2023

High Court Unanimously Says ID Theft Cases Must Hinge on Actual ID Theft The Supreme Court on Thursday narrowed federal prosecutors' ability to bring identity theft charges in an opinion holding that misuse of another person's identification must be the crux of a criminal offense "rather than merely an ancillary feature of a billing method.

147

147

Dark Reading

JUNE 8, 2023

The Global Cybersecurity Forum branch, which will be in Riyadh, is meant to enable the exchange of ideas and facilitate international projects and partnerships.

Cybersecurity 102

Cybersecurity 102

Data Breach Today

JUNE 8, 2023

Suspected Belarusian Hacking Group Has Targeted Ukraine; Crime Crossover 'Unusual' Hacking group Asylum Ambuscade, which security researchers say aligns with Belarusian government interests, has an "unusual" twist: it appears to be mixing cybercrime - focused on banking and cryptocurrency customers - with cyberespionage, including attacks targeting Ukraine.

Government 147

Government Security IT 147

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Information Governance Perspectives

JUNE 8, 2023

My new book, The Bastard of Beverly Hills features a funny (but true) story about how, as a little boy, I played a small part in saving my parents and their friends from drowning at sea on the way to Catalina. It was the start of a long weekend, and the eccentric cohort that boarded the ship that day, comprised of some wildly successful folks in the entertainment industry, including noted publicist Warren Cowan , his socialite wife Barbara Gilbert (mother of Melissa Gilbert from Little House on

IT 96

IT 96

Dark Reading

JUNE 8, 2023

A campaign targeting mainly US users disguised malware in fake security software, game cracks, cheats, free Netflix, and other "modded" apps.

Security 101

Security 101

Thales Cloud Protection & Licensing

JUNE 8, 2023

Fine-grained Authorization: Protecting and controlling user access in a digital-first world madhav Fri, 06/09/2023 - 05:22 Strong and flexible customer authentication is a key driver for adopting a customer identity & access management (CIAM) solution, with customer experience and security being the apparent benefits. On the other side of the same coin, authorization is becoming a core capability prompting leaders to adopt more advanced CIAM solutions.

Access 87

Access Customer Experience Authentication Security 87

OpenText Information Management

JUNE 8, 2023

“Water, water, everywhere, nor any drop to drink.” — The Rime of the Ancient Mariner, Samuel Taylor Coleridge Precious commodities evolve over time, creating a reflection of what’s valued most in the world at any given moment. It started with fire, but water, coal, gold, a range of currencies and oil have all taken center … The post Overcome the overload appeared first on OpenText Blogs.

IT 90

IT Cloud Security 90

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Security Affairs

JUNE 8, 2023

Researchers published an exploit for an actively exploited Microsoft Windows vulnerability tracked as CVE-2023-29336. The Microsoft Windows vulnerability CVE-2023-29336 (CVSS score 7.8) is an elevation of privilege issue that resides in the Win32k component. Win32k.sys is a system driver file in the Windows operating system. The driver is responsible for providing the interface between user-mode applications and the Windows graphical subsystem.

Risk 93

Risk Cybersecurity Security Access 93

KnowBe4

JUNE 8, 2023

We occasionally learn of articles and papers that claim that security awareness training and/or simulated phishing campaigns are not effective. We don’t want to disparage what these individuals have found in their own experience, and we encourage everyone to find out how various social engineering mitigations work for themselves and their environments.

Phishing 80

Phishing Security awareness Paper Security 80

Security Affairs

JUNE 8, 2023

Barracuda warns customers to immediately replace Email Security Gateway (ESG) appliances impacted by the flaw CVE-2023-2868. At the end of May, the network security solutions provider Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were recently breached by threat actors exploiting a now-patched zero-day vulnerability.

Security 84

Security Access Cybersecurity IT 84

IBM Big Data Hub

JUNE 8, 2023

Every year on June 8th, World Oceans Day provides a global platform to raise awareness about the value of our oceans and the critical need for their protection. One thing is for certain: oceans are vital to our existence. The importance of our oceans and coral reefs Oceans cover 70% of the Earth’s surface and is home to up to 80% of all life in the world.

Manufacturing 84

Manufacturing Data collection Analytics Marketing 84

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

KnowBe4

JUNE 8, 2023

While your users are getting ready for their next beach vacation, cybercriminals are preparing for their opportunity to strike. Check Point Research warns about this and common phishing attacks related to summer vacations.

Phishing 80

Phishing 80

Dark Reading

JUNE 8, 2023

The Texas city's networks have returned to 90% functionality following the May 3 Royal ransomware attack.

Ransomware 103

Ransomware 103

KnowBe4

JUNE 8, 2023

The New Verizon DBIR is a treasure trove of data. As we covered here , and here , people are one of the most common factors contributing to successful data breaches. Let’s drill down a bit more in the Social Engineering section.

Phishing 76

Phishing Data breaches 76

Troy Hunt

JUNE 8, 2023

I spent most of this week's update on the tweaking I went through with Azure's API Management service and then using Cloudflare to stop a whole bunch of requests that really didn't need to go all the way to the origin (or at least all the way to the API gateway sitting in front of the origin Azure Function instance). I'm still blown away by how cool this is - tweak the firewall via a web UI to inspect traffic and respond differently based on a combination of headers and respo

Compliance 77

Compliance Cloud IT 77

Advertisement

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

IT

Security Affairs

JUNE 8, 2023

Cisco addressed a high-severity flaw in Cisco Secure Client that can allow attackers to escalate privileges to the SYSTEM account. Cisco has fixed a high-severity vulnerability, tracked as CVE-2023-20178 (CVSS Score 7.8), found in Cisco Secure Client (formerly AnyConnect Secure Mobility Client) that can be exploited by low-privileged, authenticated, local attacker to escalate privileges to the SYSTEM account. “A vulnerability in the client update feature of Cisco AnyConnect Secure Mobility

Security 79

Security Authentication Encryption Access 79

Dark Reading

JUNE 8, 2023

In the wrong hands, malicious actors can use chatbots to unleash sophisticated cyberattacks that could have devastating consequences.

88

88

KnowBe4

JUNE 8, 2023

People are one of the most common factors contributing to successful data breaches. Let’s dive in deeper into the latest Verizon Data-Breach Investigations Report (DBIR) to find out how and why users are a contributor to the problem.

Data breaches 74

Data breaches 74