Fri. Dec 30, 2022

LockBit Group Claims Attack on Port of Lisbon

Data Breach Today

Website Remains Down Following Christmas Day Attack

One of Europe's busiest ports is added to the list of LockBit ransomware victims. The hacking group targeted Portugal's Port of Lisbon on Christmas Day, giving the facility a deadline of Jan. 18 to pay a ransom of $1.5 million in exchange for their data deletion.

Recovering Smartphone Voice from the Accelerometer

Schneier on Security

Yet another smartphone side-channel attack: “EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers”: Abstract: Eavesdropping from the user’s smartphone is a well-known threat to the user’s safety and privacy. Existing studies show that loudspeaker reverberation can inject speech into motion sensor readings, leading to speech eavesdropping.

Bahamian Regulator Controls FTX Digital Assets Worth $3.5B

Data Breach Today

Agency Says It Has Temporary 'Exclusive Control' of Assets for Safe Custody

The Bahamas Securities Commission seized digital assets worth $3.5 billion from local firm FTX Digital Markets. The regulator says the funds were at risk of "imminent dissipation" due to hack attacks, and will temporarily remain under its exclusive control, stored in secure digital wallets.

Beyond the Obvious: The Boldest Cybersecurity Predictions for 2023

Dark Reading

Dark Reading's panel of security experts deliver a magnum of bubbly hot takes on what 2023 will look like, featuring evil AIs, WWIII, wild workplace soon-to-be-norms, and more.

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

ISMG Editors Panel: Looking Back on 2022

Data Breach Today

A Reflection on Top Thought-Leader Interviews of the Year

In the latest update, four ISMG editors discuss important issues of 2022, including: CISO Marene Allison's unique career path; Ukrainian government cybersecurity official Victor Zhora on lessons learned from countering cyberattacks; and insights from CEO Nikesh Arora of Palo Alto Networks.

Italian Healthcare Group Targeted in Data-Leaking Shakedown

Data Breach Today

Ragnar Locker Apparently Still Trying to Extort Victim; Says No Files Encrypted

One of the primary healthcare systems in the northwestern Italian city of Alessandria has been listed as a recent victim of the Ragnar Locker ransomware group, which has leaked stolen data and appears to be continuing to try and extort the organization.

Weekly Update 328

Troy Hunt

We made it! That's 2022 done and dusted, and what a year it was, both professionally and personally. It feels great to get to the end of the year with all the proverbial ducks lined up, some massive achievements now behind us (not least of which was the wedding), and a clean slate coming into 2023 to do amazing things. I'm super excited about next year and can't wait to share a whole bunch of new stuff over the coming 52 Fridays.

Ukraine: Russian Hackers' Focus is Civilian Infrastructure

Data Breach Today

Cybersecurity Officials See Prioritization on Infrastructure Over Military Targets

State-backed Russian hacking groups are continuing to focus less on Ukrainian military targets and much more on civilian infrastructure, Ukrainian cybersecurity officials report. Since the start of the year, Ukraine's Computer Emergency Response Team has tracked more than 2,100 major hack attacks.

War and Geopolitical Conflict: The New Battleground for DDoS Attacks

Dark Reading

The effectiveness of attacks largely depends on organizations' distributed denial-of-service defenses.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Scripps Health Reaches $3.5 Million Data Breach Settlement

Data Breach Today

Ransomware Attack in 2021 Disrupted Hospitals and Compromised Patient Data

California hospital operator Scripps Health has agreed to pay $3.57 million in "minimum cash settlements" of $100 per victim, plus some additional types of expenses, to settle a class-action lawsuit filed by victims of a 2021 data breach perpetrated by ransomware-wielding attackers.

NETGEAR fixes a severe bug in its routers. Patch it asap!

Security Affairs

Netgear addressed a high-severity bug affecting multiple WiFi router models, including Wireless AC Nighthawk, Wireless AX Nighthawk (WiFi 6), and Wireless AC. Netgear fixed a bug affecting multiple WiFi router models, including Wireless AC Nighthawk, Wireless AX Nighthawk (WiFi 6), and Wireless AC router models. The vendor only said that the flaw is a pre-authentication buffer overflow vulnerability and urged customers to address the firmware of their devices as soon as possible.

Planning for Regional Cyber Incident Response

Data Breach Today

Hospitals must not only prepare in advance for ransomware and other debilitating attacks on their organizations, but also for responding to the effect of cyber incidents at neighboring facilities, says Dr. Christian Dameff of the University of California San Diego.

Lockbit ransomware gang claims to have hacked the Port of Lisbon

Security Affairs

The website for the Port of Lisbon is still down days after it was the target of a ransomware attack claimed by Lockbit group. The Port of Lisbon is the third-largest port in Portugal and one of the main European ports due to its strategic location. The website of the port was hit by a cyber attack on December 25; in response to the security breach, the administrators shut it down.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

The Password Isn’t Dead Yet. You Need a Hardware Key

WIRED Threat Level

Any multifactor authentication adds protection, but a physical token is the best bet when it really counts.

CISA adds JasperReports vulnerabilities to its Known Exploited Vulnerabilities Catalog

Security Affairs

US CISA added TIBCO Software’s JasperReports vulnerabilities to its Known Exploited Vulnerabilities Catalog. US CISA added TIBCO Software’s JasperReports vulnerabilities, tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: 9.9), to its Known Exploited Vulnerabilities (KEV) catalog. TIBCO JasperReports is an open-source Java reporting tool for creating and managing reports and dashboards.

Finance and Insurance Is the Sector Most Impacted by Data Breaches In 2022

KnowBe4

Analysis of the year’s breaches shows Finance and Insurance businesses are the most targeted and have lost a material count of records as a result.

New Linux malware targets WordPress sites by exploiting 30 bugs

Security Affairs

A new Linux malware has been exploiting 30 vulnerabilities in outdated WordPress plugins and themes to deploy malicious JavaScripts. Doctor Web researchers discovered a Linux malware, tracked as Linux.BackDoor.WordPressExploit.1, that compromises WordPress websites by exploiting 30 vulnerabilities in multiple outdated plugins and themes. The malware injects into targeted webpages malicious JavaScripts, then when users click on the compromised page, they are redirected to other sites under the c

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Adobe, Apple, Cisco, Microsoft Flaws Make Up Half of KEV Catalog

Dark Reading

CISA’s Known Exploited Vulnerabilities Catalog has become a valuable repository of vulnerabilities to be patched. A pair of reports analyze the vulnerabilities under attack to understand the kind of threats organizations should be prioritizing.

One Out of 10 Threats Still Make It All the Way to the Endpoint

KnowBe4

Despite good intentions, layered security measures, and efficacy claims by security solution vendors, new data shows that email-based threats are still getting all the way to the Inbox.

API Security Is the New Black

Dark Reading

API security is so hot right now.

Your KnowBe4 Fresh Content Updates from December 2022

KnowBe4

Check out the 36 new pieces of training content added in December, alongside the always fresh content update highlights and new features.

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

The Equifax Breach Settlement Offer is Real, For Now via Krebs on Security

IG Guru

Check out the article here.

Happy New Year 2023!

eDiscovery Law

The K&L Gates e-DAT Group sends its best wishes to all for an amazing New Year!

Friday Squid Blogging: Grounded Fishing Boat Carrying 16,000 Pounds of Squid

Schneier on Security

Rough seas are hampering efforts to salvage the boat: The Speranza Marie, carrying 16,000 pounds of squid and some 1,000 gallons of diesel fuel, hit the shoreline near Chinese Harbor at about 2 a.m. on Dec. 15. Six crew members were on board, and all were rescued without injury by another fishing boat. […]. However, large swells caused by the recent storm caused the Speranza Marie to pull loose from its anchored position and drift about 100 yards from its original grounded location in