Wed.Jun 07, 2023

article thumbnail

+60,000 Android apps spotted hiding adware for past six months

Security Affairs

Bitdefender researchers have discovered 60,000 different Android apps secretly installing adware in the past six months. Bitdefender announced the discovery of more than 60,000 Android apps in the past six months that were spotted installing adware on Android devices. The researchers discovered the hidden adware by using a recently announced anomaly detection technology incorporated into Bitdefender Mobile Security. “Upon analysis, the campaign is designed to aggressively push adware to

article thumbnail

The Bizarre Reality of Getting Online in North Korea

WIRED Threat Level

New testimony from defectors reveals pervasive surveillance and monitoring of limited internet connections. For millions of others, the internet simply doesn't exist.

Privacy 203
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

VMware fixes a command injection flaw CVE-2023-20887 in VMware Aria Operations for Networks

Security Affairs

Virtualization giant VMware addressed critical and high-severity vulnerabilities in VMware Aria Operations for Networks. Virtualization technology giant VMware released security patches to address three critical and high-severity vulnerabilities, tracked as CVE-2023-20887, CVE-2023-20888, CVE-2023-20889, in VMware Aria Operations for Networks. VMware Aria Operations for Networks (formerly vRealize Network Insight) is a network monitoring tool that helps organizations build an optimized, highly

article thumbnail

The Bold Plan to Create Cyber 311 Hotlines

WIRED Threat Level

UT-Austin will join a growing movement to launch cybersecurity clinics for cities and small businesses that often fall through the cracks.

article thumbnail

From Curiosity to Competitive Edge: How Mid-Market CEOs Are Using AI to Scale Smarter

Speaker: Lee Andrews, Founder at LJA New Media & Tony Karrer, Founder and CTO at Aggregage

This session will walk you through how one CEO used generative AI, workflow automation, and sales personalization to transform an entire security company—then built the Zero to Strategy framework that other mid-market leaders are now using to unlock 3.5x ROI. As a business executive, you’ll learn how to assess AI opportunities in your business, drive adoption across teams, and overcome internal resource constraints—without hiring a single data scientist.

article thumbnail

June 2023 Security Update for Android fixed Arm Mali GPU bug used by spyware?

Security Affairs

June 2023 security update for Android released by Google fixes about fifty flaws, including an Arm Mali GPU bug exploited by surveillance firms in their spyware. The June 2023 Android Security Bulletin provides details about the fix for more than fifty vulnerabilities affecting Android devices. Security updates released this month also addressed a vulnerability, tracked as CVE-2022-22706 , that affects the Arm Mali GPU.

Security 246

More Trending

article thumbnail

New PowerDrop malware targets U.S. aerospace defense industry

Security Affairs

A previously unknown threat actor has been observed targeting the U.S. aerospace defense sector with a new PowerShell malware dubbed PowerDrop. Researchers from the Adlumin Threat Research discovered a new malicious PowerShell script, dubbed PowerDrop, that was employed in attacks aimed at organizations in the U.S. aerospace sector. The PowerShell-based malware uses advanced techniques to evade detection, including deception, encoding, and encryption.

article thumbnail

Suspected Nation-State Actors Target US Aerospace Industry

Data Breach Today

PowerDrop Malware Simple But Sophisticated Suspected nation-state hackers are using that malware researchers say straddles between the line between off-the-shelf and advanced tactics in order to target the U.S. aerospace industry. Researchers from Adlumin in May found the malware on a defense contractor's network.

162
162
article thumbnail

Clop ransomware gang claims the hack of hundreds of victims exploiting MOVEit Transfer bug

Security Affairs

Clop ransomware group claims to have hacked hundreds of companies globally by exploiting MOVEit Transfer vulnerability. The Clop ransomware group may have compromised hundreds of companies worldwide by exploiting a vulnerability in MOVEit Transfer software. MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads.

article thumbnail

Cybersecurity Challenges and Opportunities With AI Chatbots

Data Breach Today

'Preparedness Pays,' European AI and Cybersecurity Experts Say at ENISA Conference At the EU cybersecurity agency ENISA's recent conference on the cybersecurity upsides and downsides of AI chatbots, presenters urged "preparedness," recommending that cybersecurity professionals track the "warp speed" evolution of chatbots to target emerging risks as well as opportunities.

article thumbnail

Agent Tooling: Connecting AI to Your Tools, Systems & Data

Speaker: Alex Salazar, CEO & Co-Founder @ Arcade | Nate Barbettini, Founding Engineer @ Arcade | Tony Karrer, Founder & CTO @ Aggregage

There’s a lot of noise surrounding the ability of AI agents to connect to your tools, systems and data. But building an AI application into a reliable, secure workflow agent isn’t as simple as plugging in an API. As an engineering leader, it can be challenging to make sense of this evolving landscape, but agent tooling provides such high value that it’s critical we figure out how to move forward.

article thumbnail

FBI: Sextortionist Campaigns Use Deepfakes to Target Children, Adults

Dark Reading

Threat actors are lifting public images and videos from the Internet, altering them, and posting them online in a new wave of sextortion campaigns.

114
114
article thumbnail

A CISO's View: How to Handle an Insider Threat

Data Breach Today

Security Director Ian Keller on Enabling Responsible Disclosure Within Your Company In this post of his blog "A CISO's View," security director Ian Keller discusses the importance of having mechanisms in place to report potential personal compromise or potential compromise of another person in your company and provides simple steps for making security everyone's responsibility.

Security 147
article thumbnail

Verizon: Email Reigns Supreme as Initial Attack Vector for Ransomware Attacks

KnowBe4

My analysis of this year’s newly-released Verizon Data Breach Investigations Report begins with ransomware findings that point back to users as a big problem.

article thumbnail

Hospital Worker Sentenced for HIPAA Crimes in ID Theft Scam

Data Breach Today

Former Employee Gets 4.5 Years in Federal Prison and Is Ordered to Repay Patients A former employee of an Arizona hospital has been sentenced to federal prison and ordered to pay restitution to victims after pleading guilty to criminal HIPAA violations and his participation in an identity theft scam that compromised the data of nearly 500 patients.

147
147
article thumbnail

Automation, Evolved: Your New Playbook for Smarter Knowledge Work

Speaker: Frank Taliano

Documents are the backbone of enterprise operations, but they are also a common source of inefficiency. From buried insights to manual handoffs, document-based workflows can quietly stall decision-making and drain resources. For large, complex organizations, legacy systems and siloed processes create friction that AI is uniquely positioned to resolve.

article thumbnail

AI Will Save Security – And Eliminate Jobs

eSecurity Planet

AI has been the subject of a lot of hype in recent months, but one place where the hype is justified is cybersecurity. AI will completely remake the cybersecurity landscape — and create a lot of disruption in the process. To cut to the chase before we get into the details: AI will make security worse before it makes it significantly better, but at the cost of a lot of jobs.

Security 104
article thumbnail

Shedding New Light on Software Visibility in the Age of SBOM

Data Breach Today

Center for Internet Security CISO on 'Transitional' State of Software Supply Chain With the federal government's software bill of materials regulations looming, many organizations are not ready to respond, warned CISO Sean Atkinson of the Center for Internet Security. He provided tips for ensuring transparency in the software supply chain and preparing for SBOM regulations.

article thumbnail

How Attorneys Are Harming Cybersecurity Incident Response

Schneier on Security

New paper: “ Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys “: Abstract: Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders like cyber insurers and lawyers.

Insurance 104
article thumbnail

Dragos Lays Off 9% of Workers as OT Security Spending Slows

Data Breach Today

50 Staffers Axed as Dragos Sees Longer Sales Cycles and Smaller Initial Deployments Dragos has axed 50 workers after longer sales cycles and smaller initial deployment sizes caused the industrial cybersecurity vendor to miss its first quarter revenue target. Dragos revealed plans to reduce its staff by 9% to ensure the company can stay independent through an IPO or Series E round.

Sales 147
article thumbnail

State of AI in Sales & Marketing 2025

AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.

article thumbnail

Minecraft Malware Spreading Through Mods, Plug-ins

Dark Reading

A worm virus called "fracturizer" has been embedded in modpacks from various sites, including CurseForge and CraftBukkit.

101
101
article thumbnail

Clop Ransomware Gang Asserts It Hacked MOVEit Instances

Data Breach Today

Russian-Speaking Extortion Operation Says It Will Start Listing Victims on June 14 The Clop ransomware-as-a-service gang said it's the actor behind a spate of hacks taking advantage of a vulnerability in Progress Software's MOVEit managed file transfer application. "We download alot [ sic ] of your data as part of exceptional exploit," the gang's dark web leak site says.

article thumbnail

Smishing Campaign Expands to the Middle East

KnowBe4

A Chinese-speaking phishing gang has expanded its targeting from the Asia-Pacific region to the Middle East, researchers at Group-IB have found. The gang, which the researchers call “PostalFurious,” impersonated a toll operator and a postal service in the Middle East.

article thumbnail

5 enhancements from WWDC to help Apple win the enterprise and change the future of work

Jamf

Apple’s Worldwide Developer Conference (WWDC) shows how Apple is leveraging its five major platforms to advance Apple's adoption in the enterprise. Here are the ways Apple is pushing each platform forward to continue winning in the workplace.

IT 98
article thumbnail

How to Achieve High-Accuracy Results When Using LLMs

Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage

When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m

article thumbnail

Email Retention Policies Could Change in Spokane County via Government Technology

IG Guru

Officials in Spokane County, Wash., are considering changes to email retention policies as a means of saving money on storage costs. The county pays about $52,000 a year to save well over 10 terabytes of emails.

article thumbnail

Security Buyers Are Consolidating Vendors: Gartner Security Summit

eSecurity Planet

IT security buyers are consolidating vendors at an overwhelming rate, according to a speaker at this week’s Gartner Security & Risk Management Summit. In a session on cybersecurity market trends and growth opportunities, Gartner analyst and VP Neil MacDonald said 75% of security buyers are pursuing vendor consolidation, up from just 29% in 2020. “Customers want fewer providers,” he said.

article thumbnail

Why Do You Still Need Security Awareness Training If You Use Phishing-Resistant MFA?

KnowBe4

For years, KnowBe4 has been a long-time proponent of everyone using PHISHING-RESISTANT multi-factor authentication (MFA) whenever possible.

article thumbnail

The Case for a Federal Cyber-Insurance Backstop

Dark Reading

By stepping in to provide aid, the federal government could help protect companies, insurers, and the economy from the impact of a widespread, catastrophic cyberattack.

article thumbnail

The GTM Intelligence Era: ZoomInfo 2025 Customer Impact Report

ZoomInfo customers aren’t just selling — they’re winning. Revenue teams using our Go-To-Market Intelligence platform grew pipeline by 32%, increased deal sizes by 40%, and booked 55% more meetings. Download this report to see what 11,000+ customers say about our Go-To-Market Intelligence platform and how it impacts their bottom line. The data speaks for itself!

article thumbnail

Clients can strengthen defenses for their data with IBM Storage Defender, now generally available

IBM Big Data Hub

We are excited to inform our clients and partners that IBM Storage Defender , part of our IBM Storage for Data Resilience portfolio, is now generally available. Enterprise clients worldwide continue to grapple with a threat landscape that is constantly evolving. Bad actors are moving faster than ever and are causing more lasting damage to data. According to an IBM report , cyberattacks like ransomware that used to take months to fully deploy can now take as little as four days.

article thumbnail

Microsoft Fined $20M For Xbox Child Data Collection

Dark Reading

The FTC has demanded additional data privacy protections for kids using Xbox gaming systems, extending COPPA protections.

article thumbnail

Integrating data center support: Lower costs and decrease downtime with your support strategy

IBM Big Data Hub

As organizations and their data centers embrace hybrid cloud deployments, they have a rapidly growing number of vendors and workloads in their IT environments. The proliferation of these vendors leads to numerous issues and challenges that overburden IT staff, impede clients’ core business innovations and development, and complicate the support and operation of these environments.

Cloud 66