Sat.Feb 18, 2023 - Fri.Feb 24, 2023

article thumbnail

New HardBit 2.0 Ransomware Tactics Target Insurance Coverage

Data Breach Today

Hackers Demand Info on Victim's Cyber Insurance Policy to Negotiate Ransom Demand The newly relaunched HardBit 2.0 ransomware group is now demanding victims disclose details of their cyber insurance coverage before negotiating a ransom demand. The group, which has been active since 2022, has demanded that one victim pay $10 million in ransom, according to researchers at Varonis.

Insurance 265
article thumbnail

GUEST ESSAY: Too many SMBs continue to pay ransomware crooks — exacerbating the problem

The Last Watchdog

Well-placed malware can cause crippling losses – especially for small and mid-sized businesses. Related: Threat detection for SMBs improves Not only do cyberattacks cost SMBs money, but the damage to a brand’s reputation can also hurt growth and trigger the loss of current customers. One report showed ransomware attacks increased by 80 percent in 2022, with manufacturing being one of the most targeted industries.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Scammers Mimic ChatGPT to Steal Business Credentials

Dark Reading

Hackers will take anything newsworthy and turn it against you, including the world's most advanced AI-enabled chatbot.

IT 123
article thumbnail

DDoS Attacks Becoming More Potent, Shorter in Duration

Data Breach Today

US, India and East Asia Were Top Targets in 2022, Microsoft Report Says In a new report, tech giant Microsoft says distributed denial-of-service attacks became shorter in duration but more potent in 2022. The United States, India and East Asia were the top regions affected by DDoS attacks, and IoT devices continued to be the preferred mode of attack.

IoT 287
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Cyberwar Lessons from the War in Ukraine

Schneier on Security

The Aspen Institute has published a good analysis of the successes, failures, and absences of cyberattacks as part of the current war in Ukraine: “ The Cyber Defense Assistance Imperative ­ Lessons from Ukraine.” Its conclusion: Cyber defense assistance in Ukraine is working. The Ukrainian government and Ukrainian critical infrastructure organizations have better defended themselves and achieved higher levels of resiliency due to the efforts of CDAC and many others.

Paper 111

More Trending

article thumbnail

The IG Business Case is Like Playing with Table Stakes

Weissman's World

Oddly enough, the term “table stakes” applies to information governance (IG) as well as gambling because you’ll usually have but one chance to convince the other people at the table that IG makes good business sense and can’t readily add to your argument. Here’s 171 seconds more about this! The post The IG Business Case is Like Playing with Table Stakes appeared first on Holly Group.

article thumbnail

Crime Blotter: Hackers Fail to Honor Promises to Delete Data

Data Breach Today

Police Say Gang Extorted Millions From Victims Not Just by Stealing, But Lying Too Cybercrime experts have long urged victims to never pay a ransom in return for any promise an attacker makes to delete stolen data. That's because, as a recent case highlights, whatever extortionists might promise, stolen personal data is lucrative, and it often gets sold six ways from Sunday.

article thumbnail

Evasive cryptojacking malware targeting macOS found lurking in pirated applications

Jamf

Over the past few months Jamf Threat Labs has been following a family of malware that resurfaced and has been operating undetected, despite an earlier iteration being a known quantity to the security community. In this article, we’ll examine this malware and the glimpse it offers into the ongoing arms race between malware authors and security researchers as well as highlight the need for enhanced security on Apple devices to ensure their safe and effective use in production environments.

Security 145
article thumbnail

EDPB Adopts Three Sets of Guidelines in Final Form

Hunton Privacy

On February 24, 2023, following public consultation, the European Data Protection Board (EDPB) published the following three sets of adopted guidelines: Guidelines on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V GDPR (05/2021) ( final version ); Guidelines on certification as a tool for transfers (07/2022) ( final version ); and Guidelines on deceptive design patterns in social media platform interfaces (03/2022) ( final versio

GDPR 123
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

'New Class of Bugs' in Apple Devices Opens the Door to Complete Takeover

Dark Reading

With the right kind of exploit, there's hardly any function, app, or bit of data an attacker couldn't access on your Mac, iPad, or iPhone.

Access 136
article thumbnail

Breach Roundup: Activision, SAS, Dole, Atlassian, VGTRK

Data Breach Today

Incidents at Video Game Maker, Airline, Fruit Processor, SW and Broadcast Companies In this week's roundup of cybersecurity incidents happening around the world, ISMG looks at incidents affecting the maker of the video game Call of Duty, Scandinavian Airlines, renowned fruit and vegetable giant Dole, Australian software maker Atlassian, and Russian broadcast company VGTRK.

article thumbnail

IT Governance Podcast 2023-4: EU-US Data Privacy Framework, Twitter 2FA, GoDaddy, HardBit 2.0

IT Governance

This week, we discuss the European Parliament Committee on Civil Liberties’s opinion of the EU-US Data Privacy Framework, Twitter’s decision to disable free text-based 2FA, a series of attacks on GoDaddy’s infrastructure and the HardBit 2.0 ransomware group’s negotiation tactics. Now available on Spotify , Amazon Music , Apple Podcasts and SoundCloud.

article thumbnail

Top 9 reasons to modernize

OpenText Information Management

How do your top reasons stack up? Nine strategic reasons to put modernization at the top of your list: Reason #1 – Improve total experience Customer experience and employee experience are inextricably linked – there is no one without the other. Modernizing legacy technology helps improve total experience, boosting employee and customer satisfaction, loyalty and … The post Top 9 reasons to modernize appeared first on OpenText Blogs.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

CISA: Beware of DDoS, Web Defacements on Anniversary of Russian Invasion of Ukraine

Dark Reading

The Cybersecurity and Infrastructure Security Agency advises US and European nations to prepare for possible website attacks marking the Feb. 24 invasion of Ukraine by Russia.

article thumbnail

Twitter to Charge for Second-Factor Authentication

Data Breach Today

Decision Sparks Concerns That Twitter Accounts Will Be Less Secure Twitter says it will turn off SMS second-factor authentication for all but paying customers starting March 20 in a decision provoking concerns that many customers will be less secure than before. Twitter says 2.6% of active Twitter accounts have activated second-factor authentication.

article thumbnail

Twitter to Charge Users for SMS Two-Factor Authentication in Apparent Security Crackdown

IT Governance

In yet another controversial policy move, Twitter announced this week that it’s removing text-based 2FA (two-factor authentication) for non-paying users. The log-in mechanism is designed to protect people’s accounts from scammers by requiring them to provide second piece of information in addition to a password. This is typically a code generated in an app, sent to an email address or delivered by text message. 2FA is considered an essential part of online security, but Twitter announced last we

article thumbnail

Should You Click on Unsubscribe?

KnowBe4

Some common questions we get are “Should I click on an unwanted email’s ’Unsubscribe’ link? Will that lead to more or less unwanted email?

Phishing 113
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Pirated Final Cut Pro for macOS Offers Stealth Malware Delivery

Dark Reading

The number of people who have made the weaponized software available for sharing via torrent suggests that many unsuspecting victims may have downloaded the XMRig coin miner.

107
107
article thumbnail

The Security Perks and Perils of OpenAI on Microsoft Bing

Data Breach Today

OpenAI on Bing Carries Code and Traffic Risks But Will Also Simplify Code Analysis Embedding OpenAI technology in Microsoft Bing will help both hackers and cyber defenders. The AI tool could make it easier for hackers to drive traffic to malicious sites, avoid search engine blocking and distribute malware, but it could also help security teams with code analysis and threat intel.

Security 207
article thumbnail

Hackers are actively exploiting CVE-2022-47966 flaw in Zoho ManageEngine

Security Affairs

Experts warn of threat actors actively exploiting the critical CVE-2022-47966 (CVSS score: 9.8) flaw in Zoho ManageEngine. Multiple threat actors are actively exploiting the Zoho ManageEngine CVE-2022-47966 (CVSS score: 9.8) in attacks in the wild, Bitdefender Labs reported. “Starting on January 20 2023, Bitdefender Labs started to notice a global increase in attacks using the ManageEngine exploit CVE-2022-47966.” reads the report published by Bitdefender Labs.

article thumbnail

What is SaaS Sprawl and How Does it Affect Enterprise Ediscovery?

Hanzo Learning Center

In ediscovery, most of the information collected during litigation involves email and other communication data (e.g. Slack and MS Teams). But the growing use of SaaS applications adds an additional element to the blanket term “collaboration data.” These applications encompass many uses, including project management, ticketing services, content management, sales data, and more.

IT 98
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

87% of Container Images in Production Have Critical or High-Severity Vulnerabilities

Dark Reading

At the inaugural CloudNativeSecurityCon, DevSecOps practitioners discussed how to shore up the software supply chain.

130
130
article thumbnail

5 Lawsuits Filed in Ransomware Breach Affecting 3.3 Million

Data Breach Today

Proposed Class Actions Against Regal Medical Group Allege Negligence, Other Claims Five proposed class action lawsuits have been filed so far in the wake of a California medical group's Feb. 1 report of a ransomware attack last December affecting more than 3.3 million individuals. The incident is the largest health data breach reported to federal regulators so far this year.

article thumbnail

PoC exploit code for critical Fortinet FortiNAC bug released online

Security Affairs

Researchers released a proof-of-concept exploit code for the critical CVE-2022-39952 vulnerability in the Fortinet FortiNAC network access control solution. Researchers at Horizon3 cybersecurity firm have released a proof-of-concept exploit for a critical-severity vulnerability, tracked as CVE-2022-39952 , in Fortinet’s FortiNAC network access control solution.

article thumbnail

AI + ML: what it means for IT and InfoSec

Jamf

Artificial Intelligence and Machine Learning are both advanced technologies that can do far more to help us work smarter, not harder than we can possibly contemplate. What the future holds is anyone’s guess, but the burning question we look at today is: how do they impact IT and InfoSec and the roles of the individuals tasked with securely managing endpoints?

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Tackling Software Supply Chain Issues With CNAPP

Dark Reading

The cloud-native application protection platform market is expanding as security teams look to protect their applications and the software supply chain.

Marketing 111
article thumbnail

Why Is AT&T Cybersecurity Such a Good Acquisition Target?

Data Breach Today

Analysts Praised AT&T Cybersecurity for Bringing Threat Intel and MSS Together AT&T wants to unload its cyber assets just five years after doubling down on security through its $600 million purchase of threat intelligence vendor AlienVault. The Dallas-based carrier has been working with British banking firm Barclays to solicit bids for its cybersecurity business, Reuters said.

article thumbnail

Experts found a large new class of bugs ‘class’ in Apple devices

Security Affairs

Tech giant Apple discloses three new vulnerabilities affecting its iOS, iPadOS , and macOS operating systems. Apple updated its advisories by adding three new vulnerabilities, tracked as CVE-2023-23520, CVE-2023-23530 and CVE-2023-23531, that affect iOS, iPadOS , and macOS. An attacker can trigger the CVE-2023-23530 flaw to execute arbitrary code out of its sandbox or with certain elevated privileges.

Access 98