Fri.Sep 23, 2022

article thumbnail

Australian Telco Optus Investigates Scope of Large Breach

Data Breach Today

Optus CEO Apologizes and Says Incident Under ‘Criminal Investigation’ A criminal investigation is under way into a breach at Optus, Australia’s second-largest telecommunications company. Optus’s CEO says the company will notify those affected. It’s unknown so far who perpetrated the attack. The data has not appeared on the Dark Web.

244
244
article thumbnail

Leaking Screen Information on Zoom Calls through Reflections in Eyeglasses

Schneier on Security

Okay, it’s an obscure threat. But people are researching it : Our models and experimental results in a controlled lab setting show it is possible to reconstruct and recognize with over 75 percent accuracy on-screen texts that have heights as small as 10 mm with a 720p webcam.” That corresponds to 28 pt, a font size commonly used for headings and small headlines. […].

Paper 119
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Ransomware’s Future: A Lucrative Money Spinner

Data Breach Today

Intel 471’s Michael DeBolt Says Anti-Ransomware Actions Will Take Time What is the future of ransomware, and is it going to continue with the same intensity of the last few years? Michael DeBolt of Intel471 says anti-ransomware efforts, including government action and better cybersecurity practices, are working. But ransomware isn’t going away soon.

article thumbnail

Indonesia Enacts its First Data Protection Act

Hunton Privacy

On September 20, 2022, Indonesia’s parliament ratified the Personal Data Protection Act (the “Act”). The Act is the first comprehensive data protection law to be enacted in Indonesia and will come into effect on a date set by the Minister of State Secretariat. Organizations subject to the Act will have two years to come into compliance with the Act’s requirements.

article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Portuguese Airliner Vows Defiance Against Extortion Hackers

Data Breach Today

Ragnar Locker Leak Site Publishes Data of 1.5 Million Customers The chief executive of Portugal's state-owned airline said she will not negotiate with hackers even as the Ragnar Locker ransomware-as-a-service group posted online the data of 1.5 million customers. "We hope you support us in this ethical attitude," said Christine Ourmières-Widener.

More Trending

article thumbnail

Malwarebytes Gets $100M Weeks After Laying Off 14% of Staff

Data Breach Today

Vector Capital Funds to Boost Attack Surface Software, MSP and Partner Channels Private equity firm Vector Capital invested $100 million in Malwarebytes a month after the antivirus stalwart laid off 125 employees to focus on smaller customers. The funds will help the vendor reduce clients' attack surfaces and accelerate momentum with MSPs and channel partners.

243
243
article thumbnail

Phishing Campaign Targets GitHub Users

KnowBe4

GitHub has issued an alert warning of a phishing campaign targeting users by impersonating the popular DevOps tool CircleCI, BleepingComputer reports. The phishing emails inform users that they’ll need to click on a link and log into their GitHub account in order to review CircleCI’s new terms of service. The phishing site is designed to harvest credentials as well as time-based one-time-password (TOTP) authentication codes.

Phishing 100
article thumbnail

Capital One Moves Past 2019 Hacking Incident

Data Breach Today

The Office of the Comptroller of the Currency Lifts Reporting Requirement Credit card giant Capital One is moving past its 2019 hacking incident as federal regulators stop requiring quarterly updates on efforts to improve cybersecurity and a federal judge signs off on a $190 million settlement in a proposed class action lawsuit.

article thumbnail

Researchers Uncover Mysterious 'Metador' Cyber-Espionage Group

Dark Reading

Researchers from SentinelLabs laid out what they know about the attackers and implored the researcher community for help in learning more about the shadowy group.

94
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Sweepstakes Spam Hackers Used Microsoft Infrastructure

Data Breach Today

Hackers Wanted Spam to Come From Legitimate Exchange Accounts Hackers behind a campaign of deceptive sweepstakes spam hacked their way into Azure cloud accounts that lacked multifactor authentication and obtained admin privileges for Exchange servers. Microsoft advises turning on MFA and other measures such as conditional access.

article thumbnail

Iran’s Internet Shutdown Hides a Deadly Crackdown

WIRED Threat Level

Amid protests against the killing of Mahsa Amini, authorities have cut off mobile internet, WhatsApp, and Instagram. The death toll continues to rise.

article thumbnail

Ransomware’s Future: A Continuing Money Spinner

Data Breach Today

Intel 471’s Michael DeBolt Says Anti-Ransomware Actions Will Take Time What is the future of ransomware, and is it going to continue with the same intensity of the last few years? Michael DeBolt of Intel471 says anti-ransomware efforts, including government action and better cybersecurity practices, are working. But ransomware isn’t going away soon.

article thumbnail

CISA: Zoho ManageEngine RCE Bug Is Under Active Exploit

Dark Reading

The bug allows unauthenticated code execution on the company's firewall products, and CISA says it poses "significant risk" to federal government.

Risk 93
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

HHS HC3 Warns Health Sector of Monkeypox Phishing Schemes

Data Breach Today

Hackers Seeking to Harvest Credentials, Commit Business Email Compromise Scams Scammers are taking advantage of the monkeypox virus outbreak to launch phishing campaigns targeting healthcare providers and public health organizations to harvest credentials, the Department of Health and Human Services' Health Sector Cybersecurity Coordination Center says.

Phishing 237
article thumbnail

Cyberattackers Compromise Microsoft Exchange Servers via Malicious OAuth Apps

Dark Reading

Cybercriminals took control of enterprise Exchange Servers to spread large amounts of spam aimed at signing people up for bogus subscriptions.

94
article thumbnail

ISMG Editors: How a Teen's Hack of Uber Adds to MFA Crisis

Data Breach Today

Also: SD-WAN, SASE Trends and Big Gaps in Security Culture In the latest weekly update, ISMG editors discuss the industrywide implications of a teenager hacking into Uber's internal systems, key trends in the new Gartner SD-WAN Magic Quadrant report, and how ethics and security culture are center stage due to recent CISO revelations at Uber and Twitter.

Security 233
article thumbnail

Anonymous claims to have hacked the website of the Russian Ministry of Defense

Security Affairs

The popular collective Anonymous claims to have hacked the website of the Russian Ministry of Defense and leaked data of 305,925 people. The #OpRussia ( #OpRussia ) launched by Anonymous on Russia after the criminal invasion of Ukraine continues, the popular collective claims to have hacked the website of the Russian Ministry of Defense. The group of hacktivists has leaked the data of 305,925 people who are likely to be mobilized in the first of three waves of mobilization announced by President

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

It's 2022. Do You Know Where Your Old Hard Drives Are?

Data Breach Today

The latest edition of the ISMG Security Report discusses financial giant Morgan Stanley's failure to invest in proper hard drive destruction oversight, the future of ransomware and the gangs that have attacked organizations in recent years, and the methods required to secure new payments systems.

IT 130
article thumbnail

Australian Telecoms company Optus discloses security breach

Security Affairs

Australian telecoms company Optus disclosed a data breach, threat actors gained access to former and current customers. Optus , one of the largest service providers in Australia, disclosed a data breach. The intruders gained access to the personal information of both former and current customers. The company is a subsidiary of Singtel with 10.5 million subscribers as of 2019. “Following a cyberattack, Optus is investigating the possible unauthorised access of current and former customers’

article thumbnail

Hacks Spotlight PHI Risks For Ambulance Cos., Vendors

Data Breach Today

Two Breaches Affected a Total of Nearly 400,000 Patients Recent hacking incidents involving an emergency medical transport company and a firm that provides billing services to ambulance companies underscore how protected health information is subject to risk and oversight alike before a patient even steps into a hospital.

Risk 130
article thumbnail

AttachMe: a critical flaw affects Oracle Cloud Infrastructure (OCI)

Security Affairs

A critical vulnerability in Oracle Cloud Infrastructure (OCI) could be exploited to access the virtual disks of other Oracle customers. Wiz researchers discovered a critical flaw in Oracle Cloud Infrastructure (OCI) that could be exploited by users to access the virtual disks of other Oracle customers. An attacker can trigger the flaw to exfiltrate sensitive data or conduct more destructive attacks by manipulating executable files.

Cloud 84
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Malicious npm Package Poses as Tailwind Tool

Dark Reading

Branded as a components library for two popular open source resources, Material Tailwind instead loads a Windows.exe that can run PowerShell scripts.

article thumbnail

CISA adds Zoho ManageEngine flaw to its Known Exploited Vulnerabilities Catalog

Security Affairs

CISA added a security flaw in Zoho ManageEngine, tracked as CVE-2022-35405, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a recently disclosed security flaw in Zoho ManageEngine, tracked as CVE-2022-35405 (CVSS score 9.8) , to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address t

IT 84
article thumbnail

Neglecting Open Source Developers Puts the Internet at Risk

Dark Reading

From creating a software bill of materials for applications your company uses to supporting open source projects and maintainers, businesses need to step up their efforts to help reduce risks.

Risk 77
article thumbnail

Surge in Magento 2 template attacks exploiting the CVE-2022-24086 flaw

Security Affairs

Sansec researchers warn of a surge in hacking attempts targeting a critical Magento 2 vulnerability tracked as CVE-2022-24086. Sansec researchers are warning of a hacking campaign targeting the CVE-2022-24086 Magento 2 vulnerability. Magento is a popular open-source e-commerce platform owned by Adobe, which is used by hundreds of thousands of e-stores worldwide.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Time to Quell the Alarm Bells Around Post-Quantum Crypto-Cracking

Dark Reading

Quantum computing's impact on cryptography is not a cliff that we'll all be forced to jump off of, according to Deloitte.

90
article thumbnail

[New Feature] Managing Your Risk and Compliance Tasks Just Got Easier with KCM’s Jira Integration

KnowBe4

We’re thrilled to announce that Atlassian Jira integration support is now available with KnowBe4’s KCM GRC platform.

article thumbnail

Developer Leaks LockBit 3.0 Ransomware-Builder Code

Dark Reading

Code could allow other attackers to develop copycat versions of the malware, but it could help researchers understand the threat better as well.