March, 2023

article thumbnail

Magniber Ransomware Group Exploiting Microsoft Zero Day

Data Breach Today

Microsoft Patches Another SmartScreen Signature-Based Vulnerability A financial motivated hacking group has been exploiting a now-patched zero-day vulnerability in the Windows operating system to deliver ransomware. Google Threat Analysis Group attributed the campaign to Magniber ransomware group. Microsoft issued a patch in its March dump of fixes.

article thumbnail

Feds Charge NY Man as BreachForums Boss “Pompompurin”

Krebs on Security

The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums , a popular English-language cybercrime forum where some of the world biggest hacked databases routinely show up for sale. The forum’s administrator “ Pompompurin ” has been a thorn in the side of the FBI for years, and BreachForums is widely considered a reincarnation of RaidForums , a remarkably similar crime forum that the FBI infiltrated and dismantled in 20

Sales 294
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Why You Should Opt Out of Sharing Data With Your Mobile Provider

Krebs on Security

A new breach involving data from nine million AT&T customers is a fresh reminder that your mobile provider likely collects and shares a great deal of information about where you go and what you do with your mobile device — unless and until you affirmatively opt out of this data collection. Here’s a primer on why you might want to do that, and how.

article thumbnail

Twitter's Source Code Leak on GitHub a Potential Cyber Nightmare

Dark Reading

Indicators point to Twitter's source code being publicly available for around 3 months, offering a developer security object lesson for businesses.

Security 140
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

EDPB Guidelines on international transfers: 6 key takeways

Data Protection Report

EDPB Guidelines on the interplay between Article 3 and the provisions in Chapter V of the General Data Protection Regulation on international data transfers On 14 February 2023, the European Data Protection Board ( EDPB ) published its Guidelines on the interplay between Article 3 and the provisions in Chapter V of the General Data Protection Regulation ( GDPR ) on international data transfers (the Guidelines ).

GDPR 141

More Trending

article thumbnail

Latitude Financial Admits 14M Customer Details Breached

Data Breach Today

Nearly 8 Million Driver's Licenses Stolen, Says Australian Consumer Lender A hacking incident at Australian non-bank lender Latitude Financial affected a far greater number of individuals than initially disclosed, the company said Monday. It now estimates that its mid-March cybersecurity incident affected 14 million people although it has just over 2.8 million customers.

article thumbnail

The Uniquely American Future of US Authoritarianism

WIRED Threat Level

The GOP-fueled far right differs from similar movements around the globe, thanks to the country’s politics, electoral system, and changing demographics.

Security 143
article thumbnail

UK Sets Up Fake Booter Sites To Muddy DDoS Market

Krebs on Security

The United Kingdom’s National Crime Agency (NCA) has been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services. The warning displayed to users on one of the NCA’s fake booter sites.

article thumbnail

Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears

Dark Reading

More than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information.

Security 144
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Hong Kong’s data privacy law reform may come in 2023

Data Protection Report

The reform of Hong Kong’s Personal Data (Privacy) Ordinance (Cap.486) (the PDPO ) is back on the agenda. In our earlier post in 2020, we reported that the Constitutional and Mainland Affairs Bureau published a discussion paper (the Discussion Paper ) seeking the Legislative Council’s Panel on Constitutional Affairs’ (the Panel ) views on proposed changes to the PDPO.

article thumbnail

Key Points from the US National Cybersecurity Strategy 2023

Thales Cloud Protection & Licensing

Key Points from the US National Cybersecurity Strategy 2023 divya Mon, 03/13/2023 - 15:39 On March 2, the Biden administration released its 2023 National Cybersecurity Strategy, an attempt “ to secure the full benefits of a safe and secure digital ecosystem for all Americans.” The Strategy recognizes that the US government must use all tools of national power in a coordinated manner to protect national security, public safety, and economic prosperity.

article thumbnail

Look Beyond TikTok: Massive Data Collection Is the Real Risk

Data Breach Today

All Social Media Apps Collect Information on a Scale That Facilitates Surveillance There's much national security ado about how much user data gets collected by the Chinese-owned, wildly popular video-sharing app TikTok. But as France's ban of "recreational apps" from government-issued devices highlights, a bigger-picture approach for combating surveillance is required.

article thumbnail

How Good Smile, a Major Toy Company, Kept 4chan Online

WIRED Threat Level

Documents obtained by WIRED confirm that Good Smile, which licenses toy production for Disney, was an investor in the controversial image board.

Privacy 145
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Sued by Meta, Freenom Halts Domain Registrations

Krebs on Security

The domain name registrar Freenom , whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations. The move comes just days after the Dutch registrar was sued by Meta , which alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains.

Phishing 239
article thumbnail

Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest

Dark Reading

In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest.

145
145
article thumbnail

List of Data Breaches and Cyber Attacks in February 2023 – 29.5 Million Records Breached

IT Governance

Welcome to our February 2023 list of data breaches and cyber attacks. Our research identified 106 publicly disclosed incidents accounting for 29,582,356 breached records this month. It follows a mammoth start to the year, with more than 277 million breached records in January , and brings the running total for the year to over 300 million pieces of compromised personal data.

article thumbnail

MacStealer malware: A growing threat to macOS users

Jamf

MacStealer has been discovered and linked to a threat actor distributing it in the wild. The malicious code extracts a variety of files, browser cookies, and login information from a victim's system. Also, it collects end-user privacy and sensitive data, like credit card information from popular web browsers. Learn more about this new macOS malware variant and how Jamf Protect safeguards your devices, users and data from this emerging threat.

Privacy 128
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

CISA Warns That Royal Ransomware Is Picking Up Steam

Data Breach Today

US Agency Says Royal Ransomware Group Is Made Up of Experienced Threat Actors The Royal ransomware group targeting critical infrastructure in the United States and other countries is made up of experienced ransomware attackers and has strong similarities to Conti, the infamous Russia-linked hacking group, according to a new alert issued by U.S. authorities.

article thumbnail

Understanding DMARC Better

KnowBe4

I talk and present often about DMARC (and SPF and DKIM), including here. A lot of people who think they understand how DMARC works, do not really understand it as well as they think they do. This post is aimed to help clarify some common misunderstandings.

IT 127
article thumbnail

Two U.S. Men Charged in 2022 Hacking of DEA Portal

Krebs on Security

Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims.

article thumbnail

GitHub's Private RSA SSH Key Mistakenly Exposed in Public Repository

Dark Reading

GitHub hastens to replace its RSA SSH host key after an exposure mishap threatens users with man-in-the-middle attacks and organization impersonation.

IT 142
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

UK ICO Issues Updated Guidance on AI and Data Protection

Hunton Privacy

On March 15, 2023, the UK Information Commissioner’s Office (“ICO”) published an updated version of its guidance on AI and data protection (the “updated guidance”), following requests from UK industry to clarify requirements for fairness in AI. The key updates are summarized as follows: The updated guidance has been restructured using the data protection principles as the core of the structure.

article thumbnail

The value of Micro Focus to OpenText – analysts weigh in

OpenText Information Management

The size and scope of the OpenText acquisition of Micro Focus makes the deal newsworthy, and industry pundits have generally greeted the news with optimism. The strategic value for OpenText spans a range of market opportunities, as evidenced by the recent assessments of three analysts who cover the tech market. This blog takes a closer … The post The value of Micro Focus to OpenText – analysts weigh in appeared first on OpenText Blogs.

Marketing 121
article thumbnail

Irish Authorities Levy GDPR Fine in Centric Health Breach

Data Breach Today

2019 Ransomware Breach Affected 70,000 Patients, Destroyed Records of 2,500 of Them Irish authorities have fined a healthcare organization 460,000 euros - about $490,000 - for a 2019 Calum ransomware breach that compromised sensitive information of 70,000 patients, including the permanent deletion of data for about 2,500 of them.

GDPR 299
article thumbnail

[Eye Opener] Businessweek: The Satellite Hack Everyone Is Finally Talking About

KnowBe4

This morning, Bloomberg News pointed at a brand new article at BusinessWeek, one of their media properties. This is an excellent article that exposes the vulnerabilities when communications systems are designed without built-in security from the get-go. It is an excellent wake-up call for your C-level execs and powerful budget ammo.

article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

Who’s Behind the NetWire Remote Access Trojan?

Krebs on Security

A Croatian national has been arrested for allegedly operating NetWire , a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI). While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and location of its owne

Access 234
article thumbnail

IceFire Ransomware Portends a Broader Shift From Windows to Linux

Dark Reading

IceFire has changed up its OS target in recent cyberattacks, emblematic of ransomware actors increasingly targeting Linux enterprise networks, despite the extra work involved.

article thumbnail

UK Introduces Data Protection and Digital Information (No. 2) Bill

Hunton Privacy

On March 8, 2023, the UK Secretary of State for Science, Innovation and Technology, Michelle Donelan, introduced the Data Protection and Digital Information (No. 2) Bill to UK Parliament. The first version of the reform bill was originally proposed by the UK government in July 2022, but was put on pause during September 2022. According to UK government in its press release , the Bill will “introduce a simple, clear and business-friendly framework that will not be difficult or costly to implemen