January, 2024

article thumbnail

Here’s Some Bitcoin: Oh, and You’ve Been Served!

Krebs on Security

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be first in which a federal court has recognized the use of information included in a bitcoin transaction — such as a link to a civil claim filed in federal court — as reasonably likely to provide notice of the lawsuit to the defendant.

article thumbnail

Data Privacy: Why It Matters To The Rest Of Us

Thales Cloud Protection & Licensing

Data Privacy: Why It Matters To The Rest Of Us madhav Mon, 01/22/2024 - 04:47 It seems that there are no limits to the number of data breaches. Company size is not a determinant of victimization, nor is industry or sector. All are equally viable targets. Some of the events are newsworthy, while others stay below the public’s awareness or attention. Most companies must grapple with difficult questions of how to recover from a breach; however, when the typical person hears about a data breach, the

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft Says Test Account Gave Hackers Keys to the Kingdom

Data Breach Today

Postmortem: Multiple Customers Also Targeted by Russian Nation-State Attackers A nation-state hacking group run by Russian intelligence gained access to a Microsoft "legacy, non-production test tenant account" and used it to authorize malicious Office 365 OAuth applications, access Outlook, and steal Microsoft and customers' emails and attachments, Microsoft said.

Access 334
article thumbnail

Police Arrest Teen Said to Be Linked to Hundreds of Swatting Attacks

WIRED Threat Level

A California teenager who allegedly used the handle Torswats to carry out a nationwide swatting campaign is being extradited to Florida to face felony charges, WIRED has learned.

Security 145
article thumbnail

Provide Real Value in Your Applications with Data and Analytics

The complexity of financial data, the need for real-time insight, and the demand for user-friendly visualizations can seem daunting when it comes to analytics - but there is an easier way. With Logi Symphony, we aim to turn these challenges into opportunities. Our platform empowers you to seamlessly integrate advanced data analytics, generative AI, data visualization, and pixel-perfect reporting into your applications, transforming raw data into actionable insights.

article thumbnail

Jamf Threat Labs discovers new malware embedded in pirated applications

Jamf

In this blog, Jamf Threat Labs researchers analyze malware they discovered in pirated macOS applications. These apps, appearing similar to ZuRu malware, download and execute multiple payloads to compromise machines in the background.

143
143

More Trending

article thumbnail

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.

Passwords 320
article thumbnail

New iPhone Exploit Uses Four Zero-Days

Schneier on Security

Kaspersky researchers are detailing “an attack that over four years backdoored dozens if not thousands of iPhones, many of which belonged to employees of Moscow-based security firm Kaspersky.” It’s a zero-click exploit that makes use of four iPhone zero-days. The most intriguing new detail is the targeting of the heretofore-unknown hardware feature, which proved to be pivotal to the Operation Triangulation campaign.

Libraries 140
article thumbnail

Microsoft: Russian Hackers Had Access to Executives' Emails

Data Breach Today

Computing Giant Says Hackers Did Not Access Customer Data or Production Systems Russian state hackers obtained access to the inboxes of senior Microsoft executives for at least six weeks, the computing giant disclosed late Friday afternoon. "There is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.

Access 340
article thumbnail

Cops Used DNA to Predict a Suspect’s Face—and Tried to Run Facial Recognition on It

WIRED Threat Level

Leaked records reveal what appears to be the first known instance of a police department attempting to use facial recognition on a face generated from crime-scene DNA. It likely won’t be the last.

IT 145
article thumbnail

Entity Resolution: Your Guide to Deciding Whether to Build It or Buy It

Adding high-quality entity resolution capabilities to enterprise applications, services, data fabrics or data pipelines can be daunting and expensive. Organizations often invest millions of dollars and years of effort to achieve subpar results. This guide will walk you through the requirements and challenges of implementing entity resolution. By the end, you'll understand what to look for, the most common mistakes and pitfalls to avoid, and your options.

article thumbnail

Ukraine’s SBU said that Russia’s intelligence hacked surveillance cameras to direct a missile strike on Kyiv

Security Affairs

Ukraine’s SBU revealed that Russia-linked threat actors hacked surveillance cameras to spy on air defense forces and critical infrastructure in Kyiv. Ukraine’s SBU announced they shut down two surveillance cameras that were allegedly hacked by the Russian intelligence services to spy on air defense forces and critical infrastructure in Kyiv. The surveillance cameras were located in residential buildings and were used to monitor the surrounding area and a parking lot.

Military 136
article thumbnail

How Secure Is Cloud Storage? Features, Risks, & Protection

eSecurity Planet

Cloud storage is a cloud computing model that allows data storage on remote servers operated by a service provider, accessible via internet connections. It’s a scalable and cost-effective storage solution for businesses offered through a subscription service. When assessing the overall security of cloud storage and choosing a solution tailored to your business, it helps to determine its features, potential risks, security measures, and other considerations.

Cloud 125
article thumbnail

CJEU Rules on Processing of Sensitive Data and Compensation Under the GDPR

Hunton Privacy

On December 21, 2023, the Court of Justice of the European Union (“CJEU”) issued its judgment in the case of Krankenversicherung Nordrhein (C-667/21) in which it clarified, among other things, the rules for processing special categories of personal data (hereafter “sensitive personal data”) under Article 9 of the EU General Data Protection Regulation (“GDPR”) and the nature of the compensation owed for damages under Article 82 of the GDPR.

GDPR 125
article thumbnail

Code Written with AI Assistants Is Less Secure

Schneier on Security

Interesting research: “ Do Users Write More Insecure Code with AI Assistants? “: Abstract: We conduct the first large-scale user study examining how users interact with an AI Code assistant to solve a variety of security related tasks across different programming languages. Overall, we find that participants who had access to an AI assistant based on OpenAI’s codex-davinci-002 model wrote significantly less secure code than those without access.

Security 129
article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

Insurers Drop Bid to Exclude Merck's $1.4B NotPetya Claims

Data Breach Today

A Settlement Has Been Reached. So, How Might This Affect Similar Cases? A proposed settlement has been reached between Merck & Co. and several insurers that were appealing a 2023 court decision saying the insurance companies could not invoke "hostile warlike action" exclusions in refusing to pay drugmakers' claims filed after the 2017 NotPetya cyberattack.

Insurance 343
article thumbnail

How a 27-Year-Old Codebreaker Busted the Myth of Bitcoin’s Anonymity

WIRED Threat Level

Once, drug dealers and money launderers saw cryptocurrency as perfectly untraceable. Then a grad student named Sarah Meiklejohn proved them all wrong—and set the stage for a decade-long crackdown.

Privacy 144
article thumbnail

Multiple organizations in Iran were breached by a mysterious hacker

Security Affairs

Hudson Researchers reported that a mysterious hacker launched a series of attacks against industry-leading companies in Iran. Hudson Researchers reported that on December 20th, a hacker using the moniker ‘irleaks’ announced the availability for sale of over 160,000,000 records allegedly stolen from 23 leading insurance companies in Iran.

Insurance 130
article thumbnail

Facebook Phishing Scams Target Concerned Friends and Family

KnowBe4

BleepingComputer describes a phishing scam that’s been running rampant on Facebook for the past several months, in which threat actors use hacked accounts to post links to phony articles implying that someone has been killed in an accident.

Phishing 122
article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

CNIL Opens Consultation on Transfer Impact Assessment Guide

Hunton Privacy

On January 8, 2024, the French Data Protection Authority (the “CNIL”) opened a consultation on its draft guidance for the use of transfer impact assessments (“Guidance”). In describing the Guidance, the CNIL references the decision of the Court of Justice of the European Union in Schrems II and states that exporters relying on tools listed in Article 46(2) and Article 46(3) of the EU General Data Protection Regulation (“GDPR”) for personal data transfers are required to assess the level of prote

GDPR 125
article thumbnail

Why BYOD Is the Favored Ransomware Backdoor

eSecurity Planet

When remote workers connect bring-your-own-device (BYOD) laptops, desktops, tablets, and phones to corporate assets, risk dramatically increases. These devices exist outside of direct corporate management and provide a ransomware gang with unchecked platforms for encrypting data. Ransomware remains just one of many different threats and as security teams eliminate key vectors of attack, adversaries will shift tactics.

article thumbnail

Popular GPUs Used AI Systems Vulnerable to Memory Leak Flaw

Data Breach Today

LeftoverLocals Affects Apple, AMD and Qualcomm Devices Researchers uncovered a critical vulnerability in graphic processing units of popular devices that could allow attackers to access data from large language models. They dubbed the vulnerability LeftoverLocals and said it affects the GPU frameworks of Apple, AMD and Qualcomm devices.

Access 311
article thumbnail

The Pentagon Tried to Hide That It Bought Americans' Data Without a Warrant

WIRED Threat Level

US spy agencies purchased Americans' phone location data and internet metadata without a warrant but only admitted it after a US senator blocked the appointment of a new NSA director.

Metadata 125
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

LockBit ransomware gang claims the attack on the sandwich chain Subway

Security Affairs

The LockBit ransomware gang claimed to have hacked Subway, the American multinational fast food restaurant franchise. Subway IP LLC is an American multinational fast-food restaurant franchise that specializes in submarine sandwiches (subs), wraps, salads, and drinks. The Lockbit ransomware group added Subway to the list of victims on its Tor data leak site and threatened to leak the stolen data on February 02, 2024 at 21:44:16 UTC.

article thumbnail

What Should Be on Your AI Wishlist for eDiscovery: Insights from Dave Ruel, VP of Product at Hanzo

Hanzo Learning Center

In the rapidly evolving world of Artificial Intelligence (AI), it's crucial for enterprises to adopt technologies that integrate seamlessly into mission-critical workflows. Understanding the practicalities of this integration, especially in the legal domain, is key. To delve deeper into this topic, I had the opportunity to speak with Dave Ruel, VP of Product at Hanzo.

article thumbnail

Poisoning AI Models

Schneier on Security

New research into poisoning AI models : The researchers first trained the AI models using supervised learning and then used additional “safety training” methods, including more supervised learning, reinforcement learning, and adversarial training. After this, they checked if the AI still had hidden behaviors. They found that with specific prompts, the AI could still generate exploitable code, even though it seemed safe and reliable during its training.

Paper 119
article thumbnail

UK Government Publishes Draft Code of Practice on Cybersecurity Governance

Hunton Privacy

On January 23, 2024, the UK government announced that it published a draft Code of Practice on cybersecurity governance (the “Code”). The guidelines in the Code are intended to “help directors and senior leaders shore up their defences from cyber threats.” The Code has been designed in partnership with industry directors, cyber and governance experts, and the UK National Cyber Security Centre (NCSC), with a key focus to ensure that organizations have detailed plans in place to respond to and rec

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Exclusive: Cloud Vendor Returns Stolen Hospital Data

Data Breach Today

Alliance Had Sued LockBit Gang to Force Cloud Firm to Release Affected Patient Data A cloud services firm has turned over to a New York hospital alliance the patient data stolen in a ransomware attack by LockBit. The hospital group had filed a lawsuit against LockBit as a legal maneuver to force the storage firm to return data the cybercriminals had stashed on the vendor's servers.

Cloud 312
article thumbnail

‘Stablecoins’ Enabled $40 Billion in Crypto Crime Since 2022

WIRED Threat Level

A new report from Chainalysis finds that stablecoins like Tether, tied to the value of the US dollar, were used in the vast majority of crypto-based scam transactions and sanctions evasion in 2023.

Privacy 124
article thumbnail

5379 GitLab servers vulnerable to zero-click account takeover attacks

Security Affairs

Thousands of GitLab servers are vulnerable to zero-click account takeover attacks exploiting the flaw CVE-2023-7028. GitLab has recently released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. The most critical vulnerability, tracked as CVE-2023-7028 (CVSS score 10), is an account takeover via Password Reset.

Passwords 127