February, 2023

article thumbnail

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites.

Security 262
article thumbnail

Chinese Threat Group Leaks Hacking Secrets in Failed Attack

Data Breach Today

The Tonto Team Used Spear-Phishing Emails to Target Group-IB Employees Group-IB says a July 2022 spear-phishing attempt on its own employees came from the Chinese threat actor known variously as Tonto Team and CactusPete. Tonto Team may be a unit of China's People's Liberation Army.

Phishing 334
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: Data loss prevention beccomes paramount — expecially in the wake of layoffs

The Last Watchdog

When a company announces layoffs, one of the last things most employees or even company owners worry about is data loss. Related: The importance of preserving trust in 2023 Valuable or sensitive information on a computer is exposed to theft or to getting compromised. This can happen due to intentional theft, human error, malware, or even physical destruction of servers. But it’s a real and growing risk to be aware of.

article thumbnail

How the Ukraine War Opened a Fault Line in Cybercrime, Possibly Forever

Dark Reading

Infighting, conscription, emigration. The war in Ukraine has pitted cybercriminals against one another like no other event before it

IT 142
article thumbnail

Everything You Need to Know About Crypto

Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy

This exclusive webinar with Ryan McInerny will teach you all about cryptocurrency and NFTs! Register to learn more about identifying crypto transactions, crypto asset market trends, managing risk and compliance, and supporting customers and partners using crypto-based payments.

article thumbnail

Crime Blotter: Hackers Fail to Honor Promises to Delete Data

Data Breach Today

Police Say Gang Extorted Millions From Victims Not Just by Stealing, But Lying Too Cybercrime experts have long urged victims to never pay a ransom in return for any promise an attacker makes to delete stolen data.

More Trending

article thumbnail

Hackers Claim They Breached T-Mobile More Than 100 Times in 2022

Krebs on Security

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests.

Phishing 309
article thumbnail

Data Breaches: The Complete WIRED Guide

WIRED Threat Level

Everything you need to know about the past, present, and future of data security—from Equifax to Yahoo—and the problem with Social Security numbers. Security

article thumbnail

SHARED INTEL: The expect impacts of Pres. Biden’s imminent National Cybersecurity Strategy

The Last Watchdog

The United States will soon get some long-awaited cybersecurity updates. Related: Spies use Tik Tok, balloons That’s because the Biden administration will issue the National Cyber Strategy within days. Despite lacking an official published document, some industry professionals have already seen a draft copy of the strategic plan and weighed in with their thoughts. Here’s a look at some broad themes to expect and how they will impact businesses: •New vendor responsibilities.

article thumbnail

CISOs Share Their 3 Top Challenges for Cybersecurity Management

Dark Reading

The biggest dilemmas in running a modern cybersecurity team are not all about software, said CISOs from HSBC, Citi, and Sepio

article thumbnail

Contact vs. Company Intent Signal Data

Intent signal data comes in two types: either companies or individuals signaling interest in products like yours. Which kind of data delivers more advantages to B2B marketers? It depends. Get this infographic to learn about the advantages of intent-based leads and how you can most effectively use both types of data.

article thumbnail

Government Sanctions: No Ransomware Please, We're British

Data Breach Today

UK Toughens Anti-Cybercrime Stance by Sanctioning Accused Operators for First Time As ransomware continues to disrupt British organizations, the U.K. for the first time has sanctioned alleged cybercriminals, including accused Conti and TrickBot operators.

article thumbnail

Putting Undetectable Backdoors in Machine Learning Models

Schneier on Security

This is really interesting research from a few months ago: Abstract: Given the computational cost and technical expertise required to train machine learning models, users may delegate the task of learning to a service provider.

Paper 140
article thumbnail

New Protections for Food Benefits Stolen by Skimmers

Krebs on Security

Millions of Americans receiving food assistance benefits just earned a new right that they can’t yet enforce: The right to be reimbursed if funds on their Electronic Benefit Transfer (EBT) cards are stolen by card skimming devices secretly installed at cash machines and grocery store checkout lanes.

article thumbnail

China Is Relentlessly Hacking Its Neighbors

WIRED Threat Level

New details reveal that Beijing-backed hackers targeted the Association of Southeast Asian Nations, adding to a string of attacks in the region. Security Security / Cyberattacks and Hacks

IT 128
article thumbnail

Exploring the Overlap: Cost Optimization and Digital Transformation

Speaker: Alex Jiménez, Managing Principal, Financial Service Consulting for EPAM

The largest banks have increased reserves for protection against deteriorating economic conditions. Should banks delay their digital transformation investments and focus on cost reductions? In this webinar, Alex Jiménez will walk us through that question and examine the prudent course of action.

article thumbnail

GUEST ESSAY: Advanced tools are ready to help SMBs defend Microsoft 365, Google Workspace

The Last Watchdog

Throughout 2022, we saw hackers become far more sophisticated with their email-based cyber attacks. Using legitimate services and compromised corporate email addresses became a norm and is likely to continue in 2023 and beyond. Related: Deploying human sensors Additionally, with tools like ChatGPT, almost anyone can create new malware and become a threat actor.

article thumbnail

Attackers Were on Network for 2 Years, News Corp Says

Dark Reading

The publisher of the Wall Street Journal, New York Post, and several other publications had last year disclosed a breach it said was the work of a state-backed actor likely working for China

IT 144
article thumbnail

Play Ransomware Lists A10 Networks on its Leak Site

Data Breach Today

Group Says It Has Confidential Data, Tech Docs; A10 Says Operations Not Impacted The Play ransomware group listed networking hardware manufacturer A10 Networks in its leak site, after briefly gaining access to its IT infrastructure, according to data breach notifications firm BetterCyber.

article thumbnail

Cyberwar Lessons from the War in Ukraine

Schneier on Security

The Aspen Institute has published a good analysis of the successes, failures, and absences of cyberattacks as part of the current war in Ukraine: “ The Cyber Defense Assistance Imperative ­ Lessons from Ukraine.” ” Its conclusion: Cyber defense assistance in Ukraine is working.

Security 122
article thumbnail

Intent Signal Data 101

Intent signal data helps B2B marketers engage with buyers sooner in the sales cycle. But there are many confusing terms used to describe intent data. Read this infographic to better understand three common areas of confusion.

article thumbnail

Who’s Behind the Botnet-Based Service BHProxies?

Krebs on Security

A security firm has discovered that a six-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies , which offers paying customers the ability to route their web traffic anonymously through compromised computers.

Security 226
article thumbnail

Biden’s SOTU: Data Privacy Is Now a Must-Hit US State of the Union Topic

WIRED Threat Level

Biden’s speech proves that protecting personal info is no longer a fringe issue. Now, Congress just needs to do something about it. Security Security / Privacy

article thumbnail

GUEST ESSAY: The case for complying with ISO 27001 — the gold standard of security frameworks

The Last Watchdog

Of the numerous security frameworks available to help companies protect against cyber-threats, many consider ISO 27001 to be the gold standard. Related: The demand for ‘digital trust’ Organizations rely on ISO 27001 to guide risk management and customer data protection efforts against growing cyber threats that are inflicting record damage , with the average cyber incident now costing $266,000 and as much as $52 million for the top 5% of incidents.

article thumbnail

'New Class of Bugs' in Apple Devices Opens the Door to Complete Takeover

Dark Reading

With the right kind of exploit, there's hardly any function, app, or bit of data an attacker couldn't access on your Mac, iPad, or iPhone

Access 145
article thumbnail

The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implications, and Future Impacts

Speaker: Elizabeth "Paige" Baumann, Founder and CEO of Paige Baumann Advisory, LLC

In this session, Elizabeth “Paige” Baumann will cover the Anti-Money Laundering Act of 2020, which also includes the Corporate Transparency Act. She'll take a deep dive into the catalysts that brought on the act, the current implications of the act, and what impacts the act has on the future of banking and finance.

article thumbnail

LockBit Group Goes From Denial to Bargaining Over Royal Mail

Data Breach Today

Ransomware Remains a Royal Pain, as Criminals' Latest Extortion Attempt Highlights The LockBit group has gone from denying it had any involvement in the ransomware attack on Britain's Royal Mail, to trying to bargain for a ransom.

article thumbnail

Should You Click on Unsubscribe?

KnowBe4

Some common questions we get are “Should I click on an unwanted email’s ’Unsubscribe’ link? Will that lead to more or less unwanted email?” Phishing

Phishing 115
article thumbnail

Finland’s Most-Wanted Hacker Nabbed in France

Krebs on Security

Julius “Zeekill” Kivimäki, a 25-year-old Finnish man charged with extorting a local online psychotherapy practice and leaking therapy notes for more than 22,000 patients online, was arrested this week in France.

ROT 220
article thumbnail

Cybersecurity Analysts Using ChatGPT for Malicious Code Analysis, Predicting Threats

eSecurity Planet

ChatGPT has raised alarm among cybersecurity researchers for its unnerving ability in composing everything from sophisticated malware to phishing lures – but it’s important to keep in mind that the tool can help support cybersecurity defenses as well.

article thumbnail

Aggregage Intent Signal Service

Aggregage Intent Signal Service helps your sales team reach more active buyers sooner. You’ll get names and contact information of specific in-market buyers plus all companies and job titles signaling intent for your product or service. Get the overview to learn more!

article thumbnail

GUEST ESSAY: Testing principles to mitigate real-world risks to ‘SASE’ and ‘Zero Trust’ systems

The Last Watchdog

A new generation of security frameworks are gaining traction that are much better aligned to today’s cloud-centric, work-from-anywhere world. Related: The importance of ‘attack surface management’ I’m referring specifically to Secure Access Service Edge (SASE) and Zero Trust (ZT). SASE replaces perimeter-based defenses with more flexible, cloud-hosted security that can extend multiple layers of protection anywhere.

Risk 147
article thumbnail

87% of Container Images in Production Have Critical or High-Severity Vulnerabilities

Dark Reading

At the inaugural CloudNativeSecurityCon, DevSecOps practitioners discussed how to shore up the software supply chain

145
145
article thumbnail

DDoS Attacks Becoming More Potent, Shorter in Duration

Data Breach Today

US, India and East Asia Were Top Targets in 2022, Microsoft Report Says In a new report, tech giant Microsoft says distributed denial-of-service attacks became shorter in duration but more potent in 2022.

IoT 290