Wed. Dec 02, 2020

Serious Apple iOS Exploit Enabled Nearby Device Takeover

Data Breach Today

'Zero-Click Exploit' Hacked 'Any Device in Radio Proximity' via WiFi

Until May, all Apple iOS devices were vulnerable to a "zero-click exploit" that would have allowed hackers to remotely gain complete control and view all emails, photos, private messages and more, says Google security researcher Ian Beer. He alerted Apple to multiple vulnerabilities - all now patched.

Security 321

Account Hijacking Site OGUsers Hacked, Again

Krebs on Security

For at least the third time in its existence, OGUsers — a forum overrun with people looking to buy, sell and trade access to compromised social media accounts — has been hacked. An offer by the apparent hackers of OGUsers, offering to remove account information from the eventual database leak in exchange for payment. Roughly a week ago, the OGUsers homepage was defaced with a message stating the forum’s user database had been compromised.

Passwords 274

A New IVR Fraud Solution to Protect Banking Institutions and Customers

Data Breach Today

Pindrop's Mark Horne on How to Shift from Call-Centric to Account-Centric Defense

Fraud in the interactive voice response channel was growing before the pandemic. Since? IVR fraud has become "a fraudsters' playground," says Mark Horne, CMO of Pindrop. He shares a new account-centric defensive solution.

Russia-linked APT Turla used a new malware toolset named Crutch

Security Affairs

Russian-linked cyberespionage group Turla employed a new malware toolset, named Crutch, in targeted attacks aimed at high-profile targets. Russian-linked APT group Turla has used a previously undocumented malware toolset, named Crutch, in cyberespionage campaigns aimed at high-profile targets, including the Ministry of Foreign Affairs of a European Union country.

Archiving 120

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

K12, Online Curriculum Provider, Pays Ransom to Hackers

Data Breach Today

Ransomware Attackers Exfiltrated Data

K12, a company offering online school curricula, says it paid a ransom after a recent ransomware attack in exchange for the hackers agreeing not to release stolen data.

More Trending

Russian Hacking Group's Backdoor Uses Dropbox

Data Breach Today

Researchers Describe Turla Group's 'Crutch' Malware

As part of a cyberespionage campaign, the Russian hacking group known as Turla deployed a backdoor called "Crutch" that uses Dropbox resources to help gather stolen data, according to the security firm ESET.

Security 223

A Broken Piece of Internet Backbone Might Finally Get Fixed

WIRED Threat Level

Efforts to secure the Border Gateway Protocol have picked up critical momentum, including a big assist from Google.

Security 145

FBI: BEC Scams Are Using Email Auto-Forwarding

Data Breach Today

Fraudsters' Tactics Make Detection More Difficult

Fraudsters are increasingly exploiting the auto-forwarding feature in compromised email accounts to help conduct business email compromise scams, the FBI warns.

iPhone Bug Allowed for Complete Device Takeover Over the Air

Threatpost

Researcher Ian Beer from Google Project Zero took six months to figure out the radio-proximity exploit of a memory corruption bug that was patched in May.

Security 122

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Interpol: Organized Crime to Capitalize on COVID-19 Vaccines

Data Breach Today

Meanwhile, North Korean Hackers Suspected of Targeting Vaccine Makers

Interpol, the international law enforcement organization, is warning of a potential surge in organized crime activity tied to COVID-19 vaccines. The alert follows recent reports of spikes in alleged cyberattacks by suspected North Korean hackers against companies working on vaccines and treatments.

Impressive iPhone Exploit

Schneier on Security

This is a scarily impressive vulnerability: Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device — over Wi-Fi, with no user interaction required at all. Oh, and exploits were wormable — meaning radio-proximity exploits could spread from one nearby device to another, once again, with no user interaction needed. […].

DarkIRC Botnet Exploiting Oracle WebLogic Vulnerability

Data Breach Today

Researchers: Malware Offered for Sale for $75

A botnet called DarkIRC is exploiting a remote execution vulnerability in Oracle WebLogic, according to Juniper Threat Labs. Meanwhile, the malware used to create the botnet is being offered for sale on a darknet hacking forum.

Sales 176

Multi-Vector Miner+Tsunami Botnet with SSH Lateral Movement

Security Affairs

Security researcher Tolijan Trajanovski (@tolisec) analyzed the multi-vector Miner+Tsunami Botnet that implements SSH lateral movement. A fellow security researcher, 0xrb, shared with me samples of a botnet that propagates using weblogic exploit. The botnet was also discovered by @BadPackets 5 days ago and it is still active as of now, December 1, 2020.

Mining 99

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

This Company Uses AI to Outwit Malicious AI

WIRED Threat Level

Robust Intelligence is among a crop of companies that offer to protect clients from efforts at deception.

New Mexico AG Files Notice of Appeal in Suit Against Google Regarding Alleged Violations of COPPA

Hunton Privacy

On November 27, 2020, New Mexico Attorney General Hector Balderas filed a notice of appeal to the U.S. Court of Appeals for the Tenth Circuit in the lawsuit it brought against Google on February 20, 2020, regarding alleged violations of the federal Children’s Online Privacy Protection Act (“COPPA”) in connection with G-Suite for Education (“GSFE”). As we previously reported, the U.S.

DNS Filtering: A Top Battle Front Against Malware and Phishing

Threatpost

Peter Lowe with DNSFilter discusses the science behind domain name system (DNS) filtering and how this method is effective in blocking out phishing and malware.

Rethinking work with APIs

OpenText Information Management

Faced with the rapid transition to remote work, the shift to digital customer interactions and global supply chain disruptions caused by the global pandemic, organizations are beginning to rethink the way they work. This has accelerated many digital transformation projects and led to an increased need for APIs (application programming interfaces) as organizations look to …

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks

Threatpost

In a recent cyberattack against an E.U. country's Ministry of Foreign Affairs, the Crutch backdoor leveraged Dropbox to exfiltrate sensitive documents.

Guidelines Published for Changes to the Singapore Data Privacy Regime

Data Matters

On November 20, 2020, the Singapore Personal Data Protection Commission (PDPC) published a set of draft advisory guidelines (the Advisory Guidelines) to provide clarification on recent amendments to the Personal Data Protection Act (the PDPA Amendments). We have summarized the PDPA Amendments in our previous client Update. The Advisory Guidelines address operational details on key amendments, as summarized below.

Healthcare 2021: Cyberattacks to Center on COVID-19 Spying, Patient Data

Threatpost

The post-COVID-19 surge in the criticality level of medical infrastructure, coupled with across-the-board digitalization, will be big drivers for medical-sector cyberattacks next year.

APT groups targets US Think Tanks, CISA, FBI warn

Security Affairs

Cybersecurity and Infrastructure Security Agency (CISA) and FBI are warning of attacks carried out by threat actors against United States think tanks. APT groups continue to target United States think tanks, the Cyber Security and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warn. The work of US think tanks has a great relevance for nation-state attackers that focus on the U.S. policy.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

Microsoft Revamps ‘Invasive’ M365 Feature After Privacy Backlash

Threatpost

The Microsoft 365 tool that tracked employee usage of applications like Outlook, Skype and Teams was widely condemned by privacy experts.

Privacy 88

Cybersecurity in the Biden Administration: Experts Weigh In

Dark Reading

Security pros and former government employees share their expectations and concerns for the new administration - and their hope for a "return to normal."

Think-Tanks Under Attack by Foreign APTs, CISA Warns

Threatpost

The feds have seen ongoing cyberattacks on think-tanks (bent on espionage, malware delivery and more), using phishing and VPN exploits as primary attack vectors.

Why I'd Take Good IT Hygiene Over Security's Latest Silver Bullet

Dark Reading

Bells and whistles are great, but you can stay safer by focusing on correct configurations, posture management, visibility, and patching.

IT 118

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

Takeaways from 100th Anniversary Meeting of German Data Protection Authorities

Hunton Privacy

On November 26, 2020, the Conference of the German Data Protection Authorities (Datenschutzkonferenz, the “DSK”) issued a press release with conclusions from their 100th anniversary meeting. Below is a summary of the key issues the DSK discussed, which focused on Schrems II implications: Windows 10: According to the press release, the DSK discussed data protection in the context of the Enterprise version of Microsoft’s Windows 10, in particular its telemetry functions, as well as the data prot

Xerox DocuShare Bugs Allowed Data Leaks

Threatpost

CISA warns the leading enterprise document management platform is open to attack and urges companies to apply fixes.

Cloud 90

Loyal Employee... or Cybercriminal Accomplice?

Dark Reading

Can the bad guys' insider recruitment methods be reverse-engineered to reveal potential insider threats? Let's take a look.
