Dark Reading
JULY 10, 2023
An attack involves a multi-stage infection chain with custom malware hosted on Amazon EC2 that ultimately steals critical system and browser data; so far, targets have been located in Latin America.
Krebs on Security
JULY 3, 2023
If you’ve ever owned a domain name, the chances are good that at some point you’ve received a snail mail letter which appears to be a bill for a domain or website-related services. In reality, these misleading missives try to trick people into paying for useless services they never ordered, don’t need, and probably will never receive.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Data Breach Today
JULY 31, 2023
Plan Includes Boosting Cyber Professional Skills, Plus Cyber Literacy for All Jobs The Biden administration on Monday released a national strategy addressing cyber workforce shortages and calling long-standing vacancies a national security imperative. The White House says the U.S. needs more cyber professionals and should augment cyber literacy in jobs throughout the economy.
WIRED Threat Level
JULY 6, 2023
Want to try out Meta’s new social media app? Here’s more context on what personal data is collected by Threads and similar social media apps.
Speaker: Frank Taliano
Document-heavy workflows slow down productivity, bury institutional knowledge, and drain resources. But with the right AI implementation, these inefficiencies become opportunities for transformation. So how do you identify where to start and how to succeed? Learn how to develop a clear, practical roadmap for leveraging AI to streamline processes, automate knowledge work, and unlock real operational gains.
Security Affairs
JULY 31, 2023
Cado Security observed a new variant of the P2PInfect worm targets Redis servers with a previously undocumented initial access vector. In July, Palo Alto Networks Unit 42 researchers discovered a new peer-to-peer (P2P) worm called P2PInfect that targets Redis servers running on both Linux and Windows systems. The capability to target Redis servers running on both Linux and Windows operating systems makes P2PInfect more scalable and potent than other worms.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Weissman's World
JULY 26, 2023
“The more we automated, the more time we had to add other value. The kind only a human can provide.” – Jeffrey Henning, Chief Research Officer, Researchscape International One of the biggest worries about the advent of AI revolves around the potential the technology has to take away people’s jobs. And as you may know,… Read More » AI Won’t Take Your Job – Even if You Want it To The post AI Won’t Take Your Job – Even if You Want it To appeared first on Holly Group.
Krebs on Security
JULY 11, 2023
Microsoft Corp. today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Meanwhile, Apple customers have their own zero-day woes again this month: On Monday, Apple issued (and then quickly pulled) an emergency update to fix a zero-day vulnerability that is being exploited on MacOS and iOS devices.
Data Breach Today
JULY 6, 2023
Hacktivist-Led DDoS Attacks Also on the Rise, ENISA Says Ransomware continues to be the biggest threat to the European healthcare sector, but the region also is experiencing an uptick in distributed denial-of-service attacks tied to hacktivist groups, the European Union Agency for Cybersecurity warned.
WIRED Threat Level
JULY 5, 2023
Vulnerabilities in electric vehicle charging stations and a lack of broad standards threaten drivers—and the power grid.
Advertiser: ZoomInfo
AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.
Security Affairs
JULY 31, 2023
The AVRecon botnet relies on compromised small office/home office (SOHO) routers since at least May 2021. In early July, researchers from Lumen Black Lotus Labs discovered the AVRecon botnet that targets small office/home office (SOHO) routers and infected over 70,000 devices from 20 countries. Threat actors behind the campaign aimed at building a botnet to use for a range of criminal activities from password spraying to digital advertising fraud.
The Last Watchdog
JULY 10, 2023
To tap the full potential of massively interconnected, fully interoperable digital systems we must solve privacy and cybersecurity, to be sure. Related: Using ‘Big Data’ to improve health and well-being But there’s yet another towering technology mountain to climb: we must also overcome the limitations of Moore’s Law. After 30 years, we’ve reached the end of Moore’s Law , which states that the number of transistors on a silicon-based semiconductor chip doubles approximately eve
Weissman's World
JULY 18, 2023
It is my pleasure and honor to introduce to you a new buzzword. It’s “Ruminant AI,” which I invented just last week and named after animals like cows and sheep that chew on previously ingested material (the cud). Here’s why: AI engines like ChatGPT ingest information from as many sources as they can be provided… Read More » Introducing: Ruminant AI (You Heard it Here First) The post Introducing: Ruminant AI (You Heard it Here First) appeared first on Holly Group.
Krebs on Security
JULY 21, 2023
Many things have changed since 2018, such as the names of the companies in the Fortune 100 list. But one aspect of that vaunted list that hasn’t shifted much since is that very few of these companies list any security professionals within their top executive ranks. The next time you receive a breach notification letter that invariably says a company you trusted places a top priority on customer security and privacy, consider this: Only four of the Fortune 100 companies currently list a sec
Speaker: Ben Epstein, Stealth Founder & CTO | Tony Karrer, Founder & CTO, Aggregage
When tasked with building a fundamentally new product line with deeper insights than previously achievable for a high-value client, Ben Epstein and his team faced a significant challenge: how to harness LLMs to produce consistent, high-accuracy outputs at scale. In this new session, Ben will share how he and his team engineered a system (based on proven software engineering approaches) that employs reproducible test variations (via temperature 0 and fixed seeds), and enables non-LLM evaluation m
Data Breach Today
JULY 7, 2023
Progress Software Reveals 1 New 'Critical' and 2 'High-Severity' Bugs For the third time since the discovery of the MOVEit Transfer application zero-day vulnerability, Progress Software has revealed a new critical SQL injection vulnerability that allows remote attackers to bypass authentication and execute arbitrary code.
WIRED Threat Level
JULY 11, 2023
Roger Thomas Clark, also known as Variety Jones, will spend much of the rest of his life in prison for his key role in building the world’s first dark-web drug market.
Security Affairs
JULY 31, 2023
Experts warn of vulnerabilities impacting the Ninja Forms plugin for WordPress that could be exploited for escalating privileges and data theft. The Ninja Forms plugin for WordPress is affected by multiple vulnerabilities (tracked as CVE-2023-37979, CVE-2023-38386, and CVE-2023-38393) that can be exploited by threat actors to escalate privileges and steal sensitive data.
The Last Watchdog
JULY 6, 2023
Hsinchu, Taiwan – July 6, 2023 – Nuvoton Technology, one of the world’s leading suppliers of microcontrollers, has proudly launched its MUG51 8-bit MCU series of low power microcontrollers designed for battery-free devices. Nuvoton is committed to sustainable 8-bit MCU production and product longevity to ensure a reliable supply, giving customers the confidence to commit to long-term products, platforms, and projects.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Data Breach Today
JULY 4, 2023
Cloud Adoption in Financial Services has Soared - as Has Security Risk Financial services organizations face unique cloud security challenges, due to special regulatory, data security and privacy considerations that don't necessarily apply to other industries. Security and payments experts with overlapping skillsets unpack the challenges and how to deal with them.
Data Breach Today
JULY 7, 2023
Latest Hacking, Vendor Incident Trends Emerging From the Federal Tally Hacking incidents, including those involving ransomware attacks or vendors, that affect tens of millions of individuals, continue to account for the majority of health data breaches reported to federal regulators so far this year. What are the other emerging breach trends?
Data Breach Today
JULY 5, 2023
Reported LockBit 3.0 Attack Locks Up Systems, Delays Shipping of Toyota Auto Parts Ransomware believed to originate from the Russian LockBit 3.0 group has locked up computer systems for the Port of Nagoya, Japan's largest cargo hub. The attack held up shipments of Toyota auto parts containers starting Tuesday, but port authorities expect to resume operations Thursday morning.
Security Affairs
JULY 31, 2023
Researchers warn that threat actors started exploiting Citrix ShareFile RCE vulnerability CVE-2023-24489 in the wild. Citrix ShareFile is a widely used cloud-based file-sharing application, which is affected by the critical remote code execution (RCE) tracked as CVE-2023-24489 (CVSS score of 9.1). The flaw impacts the customer-managed ShareFile storage zones controller, an unauthenticated, remote attacker can trigger the flaw to compromise the controller by uploading arbitrary file or executing
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
JULY 30, 2023
Software firm Ivanti disclosed another security vulnerability impacting Endpoint Manager Mobile (EPMM), that it said actively exploited. Ivanti disclosed a new security vulnerability impacting Endpoint Manager Mobile (EPMM), tracked as CVE-2023-35081 (CVSS score: 7.8), that was exploited in the wild as part of an exploit chain by threat actors. “A vulnerability has been discovered in Ivanti Endpoint Manager Mobile (EPMM), formerly known as MobileIron Core.” reads the advisory publish
Security Affairs
JULY 30, 2023
Google’s Threat Analysis Group Google states that more than 40% of zero-day flaws discovered in 2022 were variants of previous issues. The popular Threat Analysis Group (TAG) Maddie Stone wrote Google’s fourth annual year-in-review of zero-day flaws exploited in-the-wild [ 2021 , 2020 , 2019 ], it is built off of the mid-year 2022 review. In 2022, the researchers disclosed 41 actively exploited zero-day flaws, which marks the second-most ever recorded since we began tracking in mid-2014.
WIRED Threat Level
JULY 10, 2023
Cities across the US have established RTCCs that police say protect the rights of innocent people, but critics warn of creeping surveillance.
Security Affairs
JULY 29, 2023
A Linux variant of the Abyss Locker designed to target VMware ESXi servers appeared in the threat landscape, experts warn. The operators behind the Abyss Locker developed a Linux variant that targets VMware ESXi servers expanding their potential targets. VMware ESXi servers are privileged targets of ransomware groups and are often part of enterprises’ infrastructures.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
JULY 29, 2023
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of threat actors deploying the SUBMARINE Backdoor in Barracuda ESG attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an alert on a malware variant, tracked as SUBMARINE Backdoor, that was employed in attacks exploiting the flaw CVE-2023-2868 in Barracuda Email Security Gateway (ESG) appliances.
Security Affairs
JULY 28, 2023
Russia-linked BlueBravo has been spotted targeting diplomatic entities in Eastern Europe with the GraphicalProton Backdoor. The Russia-linked threat-state actor BlueBravo (aka APT29 , Cloaked Ursa, and Midnight Blizzard, Nobelium ) has been observed targeting diplomatic entities throughout Eastern Europe. The group was observed conducting a spear-phishing campaign with the end goal of infecting recipients with a new backdoor called GraphicalProton.
Security Affairs
JULY 28, 2023
Crypto-payments service provider CoinsPaid suffered a cyber attack that resulted in the theft of $37,200,000 worth of cryptocurrency. CoinsPaid, a crypto-payment service provider, fell victim to a cyber attack, leading to the theft of $37,200,000 worth of cryptocurrency. The company attributes the cyber heist to the North Korea-linked APT Lazarus , which is also responsible for the attacks against Axie Infinity (USD 625M), Horizon Bridge (USD 100M), Atomic Wallet (USD 100M) and Alphapo (USD 23M)
Expert insights. Personalized for you.
113 
Let's personalize your content