June, 2021

article thumbnail

CEO-Level Guide to Prevent Data Hacking Technologies & Incidents

Security Affairs

The current era, where all data is digital, the threats of fraud, breach and data sprawl are more of a reality than ever. In these times, organizations not only take a hit because of the breached data and cyber threats, but also are heavily fined under global privacy regulations. These privacy regulations are in place to encourage security operations within organizations to protect their data from malicious intent.

Privacy 117
article thumbnail

A View from Inside a Deception

Dark Reading

Pen-testing today's threat deception technology is not for the faint-hearted. Do modern deception tools truly frustrate adversaries, and are they ready for the enterprise SOC?

114
114
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

UK Cyber Security Council to Tackle Education, Standards

Data Breach Today

Dr. Claudia Natanson Describes Vision of U.K.’s New Self-Regulatory Body U.K. Cyber Security Council is a new self-regulatory body for the profession. It is tasked by the U.K. Government to execute their vision for the U.K. to be one of the safest places to work and do business online, says the chair of the Council’s Board of Trustees, Dr. Claudia Natanson.

Education 363
article thumbnail

How Cyber Safe is Your Drinking Water Supply?

Krebs on Security

Amid multiple recent reports of hackers breaking into and tampering with drinking water treatment systems comes a new industry survey with some sobering findings: A majority of the 52,000 separate drinking water systems in the United States still haven’t inventoried some or any of their information technology systems — a basic first step in protecting networks from cyberattacks.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Nameless Malware Discovered by NordLocker is Now in Have I Been Pwned

Troy Hunt

I've had a couple of cases to date where email addresses compromised by malware then discovered in the course of investigations have been provided to Have I Been Pwned (HIBP). Firstly by the Estonian Central Criminal Police a few years ago , then by the FBI and global counterparts this April and now, in the third such case, by NordLocker. (Full disclosure: I'm a strategic advisor for NordVPN who shares the same parent company.

IT 144

More Trending

article thumbnail

New LinkedIn breach exposes data of 700 Million users

Security Affairs

A new massive LinkedIn breach made the headlines, the leak reportedly exposes the data of 700M users, more than 92% of the total 756M users. A new massive LinkedIn breach made the headlines, a database containing data of 700M users, more than 92% of the total 756M users, is available for sale on forums on the dark web. The exposed records include email addresses full names, phone numbers, physical addresses, geolocation records, LinkedIn username and profile URL, personal and professional experi

Sales 145
article thumbnail

How President Biden Can Better Defend the US From Russian Hacks

Dark Reading

Wilson Center cybersecurity expert Meg King pinpoints five ambitious steps the administration should take, including a comprehensive national data breach notification protocol.

article thumbnail

Biden Warns Putin of Cyber Retaliation

Data Breach Today

U.S Wants 16 Critical Infrastructure Entities Off-Limits to Attack At their Geneva summit meeting Wednesday, U.S. President Joe Biden told Russian President Vladimir Putin that if Russia continued to wage cyberattacks against the U.S., it would face retaliation.

IT 361
article thumbnail

Ukrainian Police Nab Six Tied to CLOP Ransomware

Krebs on Security

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims. Some of CLOP’s victims this year alone include Stanford University Medical School , the University of California , and University of Maryland. A still shot from a video showing Ukrainian police seizing a Tesla, one of many high-end vehicles seized in this week’s raids on the Clop gang.

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Welcoming the Finnish Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the Finnish government to Have I Been Pwned by granting their National Cyber Security Centre full and free access to query their government domains. API access to query their domains will give them greater visibility into the impact of data breaches on the Finnish government. Finland is now the 5th Nordic country and 21st national CERT to be onboarded with many more from around the globe to be announced shortly.

article thumbnail

FBI/AFP-Run Encrypted Phone

Schneier on Security

For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. Of course, the police were able to read everything — I don’t even know if this qualifies as a backdoor. This week, the world’s police organizations announced 800 arrests based on text messages sent over the app.

article thumbnail

Vigilante malware stops victims from visiting piracy websites

Security Affairs

This strange malware stops you from visiting pirate websites. Sophos researchers uncovered a malware campaign that aims at blocking infected users’ from being able to visit a large number of piracy websites. . Sophos researchers uncovered a malware campaign that aims at blocking infected users’ from visiting a large number of websites dedicated to software piracy by modifying the HOSTS file on the infected system.

Archiving 141
article thumbnail

Huawei and the Critical Need for Global Cybersecurity Cooperation

eSecurity Planet

Huawei is understandably frustrated. The company has been accused by the U.S., UK and others of improper ties to the Chinese government and punished without any proof of wrongdoing. The company has done everything it can to address those concerns short of exiting its home country, and not only is it not enough, but no one can seem to figure out if there is even a path out of the current dilemma.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Researchers Identify New Malware Loader Variant

Data Breach Today

New JSSLoader Variant is Being Spread by TA543 Group A cybercrime group tracked as TA543 by security firm Proofpoint is deploying a new variant of a malware loader to target victims as part of a phishing campaign, the company reports.

Phishing 360
article thumbnail

How Does One Get Hired by a Top Cybercrime Gang?

Krebs on Security

The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot , a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. Just how did a self-employed web site designer and mother of two come to work for one of the world’s most rapacious cybercriminal groups and then leave such an obvious trail of clues indicating her

article thumbnail

Weekly Update 246

Troy Hunt

This week has been absolutely dominated by code contributions to Pwned Passwords. This is such an awesome, humbling experience that so many people have wanted to contribute their time to something that makes online life better for all of us. The challenge I have now is, as expected, managing the pull requests, reviewing code and ensuring the project heads in the right direction as support for ingesting the FBI -provided passwords is built out.

Passwords 141
article thumbnail

The DarkSide Ransomware Gang

Schneier on Security

The New York Times has a long story on the DarkSide ransomware gang. A glimpse into DarkSide’s secret communications in the months leading up to the Colonial Pipeline attack reveals a criminal operation on the rise, pulling in millions of dollars in ransom payments each month. DarkSide offers what is known as “ransomware as a service,” in which a malware developer charges a user fee to so-called affiliates like Woris, who may not have the technical skills to actually create ran

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Trend Micro details CVE-2021-30724 privilege escalation flaw in macOS, iOS

Security Affairs

Trend Micro disclosed technical details of a patched privilege escalation issue, tracked as CVE-2021-30724 , that impacts macOS, iOS and iPadOS. Trend Micro researchers disclosed technical details of a patched privilege escalation vulnerability, tracked as CVE-2021-30724 , that impacts macOS, iOS, and iPadOS. The flaw was reported to Apple by Trend Micro researcher Mickey Jin, and the It giant fixed the issue was addressed by the IT giant on May 24 with the release of macOS 11.4, iOS 14.6, and

article thumbnail

30M Dell Devices at Risk for Remote BIOS Attacks, RCE

Threatpost

Four separate security bugs would give attackers almost complete control and persistence over targeted devices, thanks to a faulty update mechanism.

Risk 144
article thumbnail

Union Benefits Administrator Says Data Deleted in Hack

Data Breach Today

Service Employees International Union 775 Benefits Group: PII and PHI Deleted A Seattle-based benefits administrator for unionized home healthcare and nursing home workers has reported a hacking incident affecting 140,000 individuals that involved deleting certain data.

360
360
article thumbnail

How Cyber Sleuths Cracked an ATM Shimmer Gang

Krebs on Security

In 2015, police departments worldwide started finding ATMs compromised with advanced new “shimming” devices made to steal data from chip card transactions. Authorities in the United States and abroad had seized many of these shimmers, but for years couldn’t decrypt the data on the devices. This is a story of ingenuity and happenstance, and how one former Secret Service agent helped crack a code that revealed the contours of a global organized crime ring.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Expanding the Have I Been Pwned Volunteer Community

Troy Hunt

Ever notice how there was a massive gap of almost 9 months between announcing the intention to start open sourcing Have I Been Pwned (HIBP) in August last year and then finally a couple of weeks ago, actually taking the first step with Pwned Passwords ? Many people certainly noticed the time because I kept getting asked when it was actually going to happen.

Passwords 138
article thumbnail

Intentional Flaw in GPRS Encryption Algorithm GEA-1

Schneier on Security

General Packet Radio Service (GPRS) is a mobile data standard that was widely used in the early 2000s. The first encryption algorithm for that standard was GEA-1, a stream cipher built on three linear-feedback shift registers and a non-linear combining function. Although the algorithm has a 64-bit key, the effective key length is only 40 bits, due to “an exceptional interaction of the deployed LFSRs and the key initialization, which is highly unlikely to occur by chance.” GEA-1 was d

article thumbnail

North Korean APT group Kimsuky allegedly hacked South Korea’s atomic research agency KAERI

Security Affairs

North Korea-linked APT group Kimsuky allegedly breached South Korea’s atomic research agency KAERI by exploiting a VPN vulnerability. South Korean representatives declared on Friday that North Korea-linked APT group Kimsuky is believed to have breached the internal network of the South Korean Atomic Energy Research Institute (KAERI). The Korea Atomic Energy Research Institute (KAERI) in Daejeon, South Korea was established in 1959 as the sole professional research-oriented institute for nuclea

Phishing 139
article thumbnail

How AI is Advancing Cybersecurity

eSecurity Planet

There’s a never ending cycle between the measures cybersecurity providers introduce to prevent or remediate cyber threats and the tactics cyber criminals use to get around these security measures. As soon as a security company develops a way to mitigate the latest threat, attackers develop a new threat to take its place. Artificial intelligence has emerged as a critical tool cybersecurity companies leverage to stay ahead of the curve.

article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

White House Urges Businesses: Improve Ransomware Defenses

Data Breach Today

Biden Orders Federal Ransomware Task Force to Coordinate Federal Investigations The White House has written to business leaders, urging them to prioritize having robust ransomware defenses in place. The move comes as the Biden administration pursues multiple strategies to combat ransomware and digital extortion, including ordering a new task force to coordinate all federal investigations.

article thumbnail

MyBook Users Urged to Unplug Devices from Internet

Krebs on Security

Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a critical flaw that can be triggered by anyone who knows the Internet address of an affected device. One of many similar complaints on Western Digital’s user forum.

Access 289
article thumbnail

Welcoming the Slovak Republic Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the 23rd national government to Have I Been Pwned, the Slovak Republic. As of now, CSIRT.sk has full and free access to query all their government domains via an API that returns all their email addresses impacted by each data breach in HIBP. Granting governments this level of access gives them visibility into not just the 11.4 billion records that are already in HIBP but provides an early warning system for the billions of records yet to come.