April, 2023

article thumbnail

'GhostToken' Opens Google Accounts to Permanent Infection

Dark Reading

A bug in how Google Cloud Platform handles OAuth tokens opened the door to Trojan apps that could access anything in users' personal or business Google Drives, Photos, Gmail, and more.

Cloud 144
article thumbnail

Apple Issues Emergency Fix for Spyware-Style Zero Days

Data Breach Today

Apple Recommends Immediate Updating Due to Extensive List of Affected Devices Apple issued security updates to address two zero-day vulnerabilities being actively exploited in the wild and targeting iPads, Macs and iPhones. Both vulnerabilities can lead to arbitrary code execution, but Apple said it found no exploits related to cybercrime or nation-state groups.

Security 352
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

Krebs on Security

Several domain names tied to Genesis Market , a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnsecurity the domain seizures coincided with “dozens” of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly

Marketing 345
article thumbnail

ITRC: Lack of Details in Data Breach Notices on the Rise

Data Breach Today

James E. Lee Shares 2023 Q1 Data Breach Report Highlights According to findings from the Identity Theft Resource Center's 2023 Q1 Data Breach Report, the number of publicly reported data compromises decreased, but the number of data breaches with no actionable information about the root cause of the compromise grew.

article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

How to Define Tier-Zero Assets in Active Directory Security

Dark Reading

There are plenty of AD objects and groups that should be considered tier zero in every environment, but some will vary among organizations.

Security 143

More Trending

article thumbnail

Kali Linux Penetration Testing Tutorial: Step-By-Step Process

eSecurity Planet

Kali Linux turns 10 this year, and to celebrate, the Linux penetration testing distribution has added defensive security tools to its arsenal of open-source security tools. It remains to be seen if Kali Purple will do for defensive open source security tools what Kali Linux has done for open source pentesting, but the addition of more than 100 open source tools for SIEM , incident response , intrusion detection and more should raise the profile of those defensive tools.

article thumbnail

What Is Data Minimisation? Definition & Examples

IT Governance

Data minimisation is a key part of information security and the GDPR (General Data Protection Regulation) in particular. Its principles are at the heart of effective data protection practices, and are intended to prevent privacy breaches and minimise the damage when security incidents occur. What is data minimisation? Data minimisation requires organisations to process personal data only if it serves a specific purpose, and to retain it for only as long as it’s needed to meet that purpose.

GDPR 132
article thumbnail

Many Public Salesforce Sites are Leaking Private Data

Krebs on Security

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.

Access 297
article thumbnail

Suspected Apple iOS Zero-Day Used to Spread 'Reign' Spyware

Data Breach Today

The Spyware Can Record Audio, Take Pictures, Track Locations and Steal Passwords A low-profile Israeli advanced spyware firm used a suspected zero-day to surveil the lives of journalists, political opposition figures and a nongovernmental organization worker across multiple continents, say researchers from the Citizen Lab and Microsoft.

Passwords 304
article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

Researcher Tricks ChatGPT into Building Undetectable Steganography Malware

Dark Reading

Using only ChatGPT prompts, a Forcepoint researcher convinced the AI to create malware for finding and exfiltrating specific documents, despite its directive to refuse malicious requests.

IT 140
article thumbnail

Threat advisory: Mobile spyware continues to evolve

Jamf

Jamf Threat Labs examines two sophisticated spyware attacks and provides recommendations for organizations to defend users from increasingly complex threats.

144
144
article thumbnail

Indiana Likely to Become Seventh State to Enact a Comprehensive State Privacy Law

Hunton Privacy

On April 13, 2023, the Indiana Senate concurred to the Indiana House’s amendments of Senate Bill 5 (“SB 5”) a day after the House returned the bill to the Senate with amendments, and a couple days after the Indiana House unanimously voted to approve SB 5. SB 5 now will head to Governor Eric Holcomb for a final signature, where he will have seven days upon transmission to sign SB 5 into law or veto it.

Privacy 132
article thumbnail

Post-Quantum Cryptography (PQC): Three Easy Ways to Prepare

Thales Cloud Protection & Licensing

Post-Quantum Cryptography (PQC): Three Easy Ways to Prepare madhav Fri, 04/14/2023 - 06:05 The infamous Y2K “disaster” was successfully averted because people paid heed and prepared well in advance. Likewise, many Post-Quantum Computing (PCQ) security concerns can be addressed ahead of time with proper planning. Organizations that rely on data security and protection need to start preparing and refining strategies immediately.

IoT 127
article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

3CX Breach Was a Double Supply Chain Compromise

Krebs on Security

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX. The lengthy, complex intrusion has all the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.

Security 285
article thumbnail

TikTok Fined in UK for Children's Privacy Violation

Data Breach Today

Chinese-Owned App Will Pay 12.7 Million Pounds A British government agency added to TikTok's reputational woes by finding it failed to protect children's privacy. TikTok is playing defense in multiple Western countries against concerns it collects massive amounts of data it could use for surveillance or information operations.

Privacy 294
article thumbnail

The Hacker Who Hijacked Matt Walsh’s Twitter Was Just ‘Bored’

WIRED Threat Level

The breach of the right-wing provocateur was simply a way of “stirring up some drama,” the attacker tells WIRED. But the damage could have been much worse.

Security 141
article thumbnail

Capita Admits That Its ‘Cyber Incident’ Was Ransomware and That Customer Data Was Breached

IT Governance

The fallout from Capita’s so-called “cyber incident” last month has been slow and damning. After weeks of insisting that criminal hackers had merely disrupted internal systems, the outsourcing giant has confirmed this week that the damage was more than just an ‘incident’. It was, in fact, ransomware. Capita is one of the largest public-sector service providers in the UK, with £6.5 billion in contracts managing systems such as the BBC licence fee and the London congestion charge.

article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

Over 15 Million Systems Exposed to Known Exploited Vulnerabilities

eSecurity Planet

Effective vulnerability management is about knowing what you own and prioritizing what you need to fix. A new research report shows that millions of organizations are failing at those critical cybersecurity practices. Researchers at cybersecurity firm Rezilion found more than 15 million instances in which systems are vulnerable to the 896 flaws listed in the U.S.

article thumbnail

Recycled Core Routers Exposed Sensitive Corporate Network Info

Dark Reading

Researchers warn about a dangerous wave of unwiped, secondhand core-routers found containing corporate network configurations, credentials, and application and customer data.

128
128
article thumbnail

Why is ‘Juice Jacking’ Suddenly Back in the News?

Krebs on Security

KrebsOnSecurity received a nice bump in traffic this week thanks to tweets from the Federal Bureau of Investigation (FBI) and the Federal Communications Commission (FCC) about “ juice jacking ,” a term first coined here in 2011 to describe a potential threat of data theft when one plugs their mobile device into a public charging kiosk. It remains unclear what may have prompted the alerts, but the good news is that there are some fairly basic things you can do to avoid having to worry

article thumbnail

North Korean Hackers Chained Supply Chain Hacks to Reach 3CX

Data Breach Today

Mandiant Concludes 3CX Hack Was Result of Earlier Hack on Trading Software Maker North Korean hackers' software supply chain attack on desktop phone developer 3CX was the fruit of a separate and previously undisclosed supply chain attack on a financial trading software maker, is the conclusion of the Mandiant forensics team brought in to investigate.

288
288
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Brace Yourself for the 2024 Deepfake Election

WIRED Threat Level

No matter what happens with generative AI, its disruptive forces are already beginning to play a role in the fast-approaching US presidential race.

IT 144
article thumbnail

How to Prevent Malware Attacks: 8 Tips for 2023

IT Governance

Malware is one of the most common cyber security threats that organisations and individuals face. Whenever someone talks about their computer being infected, encountering bots or even falling victim to a scam email, malware is normally involved. It’s why anti-malware software is usually considered a top priority for staying safe online. However, those tools are not flawless.

article thumbnail

Western Digital Cyber Attack a ‘Wake Up Call for ASIC Vendors’

eSecurity Planet

A massive cyber attack targeting drive maker Western Digital Corp. (WDC) could potentially have serious and long-term implications. One of the hackers apparently disclosed the extent of the cyber attack to TechCrunch this week. Hackers accessed a range of company assets and stole about 10 terabytes of data, but the disclosure with the greatest potential for damage is that the hackers claim to have the ability to impersonate WDC code-signing certificates.

article thumbnail

Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones

Dark Reading

Unsophisticated attackers can pinpoint where a person lives by lifting metadata from Strava and other apps, even if they're using a feature specifically aimed at protecting their location information.

Metadata 126
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post we’ll examine clues left behind over the past decade by the proprietor of Faceless, including some that may help put a face to the name.

Passwords 239
article thumbnail

LockBit Ransomware Tests Taking a Bite Out of Apple Users

Data Breach Today

Don't Panic: Apparent macOS Beta Testing Is Highly Buggy, Poses No Immediate Threat Apple users: Don't fear newly discovered samples of LockBit ransomware designed to target newer macOS devices. Researchers say the still-in-development code, tied to no known in-the-wild attacks, contains numerous errors, leaving it unable to execute.

article thumbnail

ICE Is Grabbing Data From Schools and Abortion Clinics

WIRED Threat Level

An agency database WIRED obtained reveals widespread use of so-called 1509 summonses that experts say raises the specter of potential abuse.

Privacy 143