Wed.Jun 07, 2023

article thumbnail

Suspected Nation-State Actors Target US Aerospace Industry

Data Breach Today

PowerDrop Malware Simple But Sophisticated Suspected nation-state hackers are using that malware researchers say straddles between the line between off-the-shelf and advanced tactics in order to target the U.S. aerospace industry. Researchers from Adlumin in May found the malware on a defense contractor's network.

154
154
article thumbnail

FBI: Sextortionist Campaigns Use Deepfakes to Target Children, Adults

Dark Reading

Threat actors are lifting public images and videos from the Internet, altering them, and posting them online in a new wave of sextortion campaigns.

114
114
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Cybersecurity Challenges and Opportunities With AI Chatbots

Data Breach Today

'Preparedness Pays,' European AI and Cybersecurity Experts Say at ENISA Conference At the EU cybersecurity agency ENISA's recent conference on the cybersecurity upsides and downsides of AI chatbots, presenters urged "preparedness," recommending that cybersecurity professionals track the "warp speed" evolution of chatbots to target emerging risks as well as opportunities.

article thumbnail

Email Retention Policies Could Change in Spokane County via Government Technology

IG Guru

Officials in Spokane County, Wash., are considering changes to email retention policies as a means of saving money on storage costs. The county pays about $52,000 a year to save well over 10 terabytes of emails.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

A CISO's View: How to Handle an Insider Threat

Data Breach Today

Security Director Ian Keller on Enabling Responsible Disclosure Within Your Company In this post of his blog "A CISO's View," security director Ian Keller discusses the importance of having mechanisms in place to report potential personal compromise or potential compromise of another person in your company and provides simple steps for making security everyone's responsibility.

Security 143

More Trending

article thumbnail

Hospital Worker Sentenced for HIPAA Crimes in ID Theft Scam

Data Breach Today

Former Employee Gets 4.5 Years in Federal Prison and Is Ordered to Repay Patients A former employee of an Arizona hospital has been sentenced to federal prison and ordered to pay restitution to victims after pleading guilty to criminal HIPAA violations and his participation in an identity theft scam that compromised the data of nearly 500 patients.

143
143
article thumbnail

Security Buyers Are Consolidating Vendors: Gartner Security Summit

eSecurity Planet

IT security buyers are consolidating vendors at an overwhelming rate, according to a speaker at this week’s Gartner Security & Risk Management Summit. In a session on cybersecurity market trends and growth opportunities, Gartner analyst and VP Neil MacDonald said 75% of security buyers are pursuing vendor consolidation, up from just 29% in 2020. “Customers want fewer providers,” he said.

article thumbnail

Shedding New Light on Software Visibility in the Age of SBOM

Data Breach Today

Center for Internet Security CISO on 'Transitional' State of Software Supply Chain With the federal government's software bill of materials regulations looming, many organizations are not ready to respond, warned CISO Sean Atkinson of the Center for Internet Security. He provided tips for ensuring transparency in the software supply chain and preparing for SBOM regulations.

article thumbnail

The Case for a Federal Cyber-Insurance Backstop

Dark Reading

By stepping in to provide aid, the federal government could help protect companies, insurers, and the economy from the impact of a widespread, catastrophic cyberattack.

article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

Dragos Lays Off 9% of Workers as OT Security Spending Slows

Data Breach Today

50 Staffers Axed as Dragos Sees Longer Sales Cycles and Smaller Initial Deployments Dragos has axed 50 workers after longer sales cycles and smaller initial deployment sizes caused the industrial cybersecurity vendor to miss its first quarter revenue target. Dragos revealed plans to reduce its staff by 9% to ensure the company can stay independent through an IPO or Series E round.

Sales 143
article thumbnail

Smishing Campaign Expands to the Middle East

KnowBe4

A Chinese-speaking phishing gang has expanded its targeting from the Asia-Pacific region to the Middle East, researchers at Group-IB have found. The gang, which the researchers call “PostalFurious,” impersonated a toll operator and a postal service in the Middle East.

article thumbnail

Clop Ransomware Gang Asserts It Hacked MOVEit Instances

Data Breach Today

Russian-Speaking Extortion Operation Says It Will Start Listing Victims on June 14 The Clop ransomware-as-a-service gang said it's the actor behind a spate of hacks taking advantage of a vulnerability in Progress Software's MOVEit managed file transfer application. "We download alot [ sic ] of your data as part of exceptional exploit," the gang's dark web leak site says.

article thumbnail

+60,000 Android apps spotted hiding adware for past six months

Security Affairs

Bitdefender researchers have discovered 60,000 different Android apps secretly installing adware in the past six months. Bitdefender announced the discovery of more than 60,000 Android apps in the past six months that were spotted installing adware on Android devices. The researchers discovered the hidden adware by using a recently announced anomaly detection technology incorporated into Bitdefender Mobile Security. “Upon analysis, the campaign is designed to aggressively push adware to

article thumbnail

Launching LLM-Based Products: From Concept to Cash in 90 Days

Speaker: Christophe Louvion, Chief Product & Technology Officer of NRC Health and Tony Karrer, CTO at Aggregage

Christophe Louvion, Chief Product & Technology Officer of NRC Health, is here to take us through how he guided his company's recent experience of getting from concept to launch and sales of products within 90 days. In this exclusive webinar, Christophe will cover key aspects of his journey, including: LLM Development & Quick Wins 🤖 Understand how LLMs differ from traditional software, identifying opportunities for rapid development and deployment.

article thumbnail

How Attorneys Are Harming Cybersecurity Incident Response

Schneier on Security

New paper: “ Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys “: Abstract: Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders like cyber insurers and lawyers.

article thumbnail

VMware fixes a command injection flaw CVE-2023-20887 in VMware Aria Operations for Networks

Security Affairs

Virtualization giant VMware addressed critical and high-severity vulnerabilities in VMware Aria Operations for Networks. Virtualization technology giant VMware released security patches to address three critical and high-severity vulnerabilities, tracked as CVE-2023-20887, CVE-2023-20888, CVE-2023-20889, in VMware Aria Operations for Networks. VMware Aria Operations for Networks (formerly vRealize Network Insight) is a network monitoring tool that helps organizations build an optimized, highly

article thumbnail

The Bizarre Reality of Getting Online in North Korea

WIRED Threat Level

New testimony from defectors reveals pervasive surveillance and monitoring of limited internet connections. For millions of others, the internet simply doesn't exist.

Privacy 89
article thumbnail

June 2023 Security Update for Android fixed Arm Mali GPU bug used by spyware?

Security Affairs

June 2023 security update for Android released by Google fixes about fifty flaws, including an Arm Mali GPU bug exploited by surveillance firms in their spyware. The June 2023 Android Security Bulletin provides details about the fix for more than fifty vulnerabilities affecting Android devices. Security updates released this month also addressed a vulnerability, tracked as CVE-2022-22706 , that affects the Arm Mali GPU.

article thumbnail

An Architect’s Guide for Selecting Scalable, Data-Layer Technologies

There’s no getting around it: selecting the right foundational data-layer components is crucial for long-term application success. That’s why we developed this white paper to give you insights into four key open-source technologies – Apache Cassandra®, Apache Kafka®, Apache Spark™, and OpenSearch® – and how to leverage them for lasting success. Discover everything you’ll want to know about scalable, data-layer technologies: Learn when to choose these technologies and when to avoid them Explore h

article thumbnail

Minecraft Malware Spreading Through Mods, Plug-ins

Dark Reading

A worm virus called "fracturizer" has been embedded in modpacks from various sites, including CurseForge and CraftBukkit.

101
101
article thumbnail

New PowerDrop malware targets U.S. aerospace defense industry

Security Affairs

A previously unknown threat actor has been observed targeting the U.S. aerospace defense sector with a new PowerShell malware dubbed PowerDrop. Researchers from the Adlumin Threat Research discovered a new malicious PowerShell script, dubbed PowerDrop, that was employed in attacks aimed at organizations in the U.S. aerospace sector. The PowerShell-based malware uses advanced techniques to evade detection, including deception, encoding, and encryption.

article thumbnail

Verizon: Email Reigns Supreme as Initial Attack Vector for Ransomware Attacks

KnowBe4

My analysis of this year’s newly-released Verizon Data Breach Investigations Report begins with ransomware findings that point back to users as a big problem.

article thumbnail

Clop ransomware gang claims the hack of hundreds of victims exploiting MOVEit Transfer bug

Security Affairs

Clop ransomware group claims to have hacked hundreds of companies globally by exploiting MOVEit Transfer vulnerability. The Clop ransomware group may have compromised hundreds of companies worldwide by exploiting a vulnerability in MOVEit Transfer software. MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files using SFTP, SCP, and HTTP-based uploads.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.

article thumbnail

Cyber Essentialism & 'Doing Less With Less'

Dark Reading

Cybersecurity benefits from a focus on the vital few chores rather than the trivial many. Find the "right things" to encourage strategic thinking, then move the culture needle to promote that policy.

article thumbnail

The Bold Plan to Create Cyber 311 Hotlines

WIRED Threat Level

UT-Austin will join a growing movement to launch cybersecurity clinics for cities and small businesses that often fall through the cracks.

article thumbnail

Microsoft Fined $20M For Xbox Child Data Collection

Dark Reading

The FTC has demanded additional data privacy protections for kids using Xbox gaming systems, extending COPPA protections.

article thumbnail

Why Do You Still Need Security Awareness Training If You Use Phishing-Resistant MFA?

KnowBe4

For years, KnowBe4 has been a long-time proponent of everyone using PHISHING-RESISTANT multi-factor authentication (MFA) whenever possible.

article thumbnail

What Is Entity Resolution? How It Works & Why It Matters

Entity Resolution Sometimes referred to as data matching or fuzzy matching, entity resolution, is critical for data quality, analytics, graph visualization and AI. Learn what entity resolution is, why it matters, how it works and its benefits. Advanced entity resolution using AI is crucial because it efficiently and easily solves many of today’s data quality and analytics problems.

article thumbnail

BioCatch Strengthens Collaboration With Microsoft Cloud for Financial Services

Dark Reading

Collaboration delivers end-to-end intelligent banking cloud platform with online fraud detection powered by next-generation behavioral biometrics.

article thumbnail

EDPB Elects a New Chair

Hunton Privacy

On May 25, 2023, the European Data Protection Board (“EDPB”) elected Anu Talus, head of the Finish data protection authority, as its new Chair, replacing Andrea Jelinek. The EDPB also elected Irene Loizidou Nikolaidou, head of the Cypriot data protection authority, as one of its Deputy Chairs, replacing Ventsislav Karadjov. The new Chair and Deputy Chair mandates a duration of five years.

IT 64
article thumbnail

Cisco Touts New AI-Based Security, SSE Features

Dark Reading

Cisco laid out its plans for artificial intelligence (AI) and a vision for unified cloud security during Cisco Live 2023.