Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post we’ll examine clues left behind over the past decade by the proprietor of Faceless, including some that may help put a face to the name.

Passwords 239

Passwords IoT Security Retail 239

KnowBe4

APRIL 20, 2023

At a time when cyber attacks are achieving success in varying degrees and IT pros are keeping quiet about resulting breaches, there is one specific type of attack that has them most worried.

Security 75

Security IT Data breaches 75

Data Breach Today

APRIL 19, 2023

Only 15% of Global Orgs Rank as 'Mature' on Cisco’s Cybersecurity Readiness Index Cisco's Cybersecurity Readiness Index shows a mere 15% of global organizations rank as mature across five security pillars.

Cybersecurity 162

Cybersecurity Security 162

Data Breach Today

APRIL 20, 2023

Eset Finds Customer Info, VPN Credentials & Authentication Keys on Used Routers Sanitize IT gear before decommissioning is well-trod cybersecurity advice made to corporations everywhere and yet many persist in disposing of equipment still laden with sensitive data. Cybersecurity firm Eset says it found a wealth of corporate data on secondhand routers.

Cybersecurity 147

Cybersecurity Authentication IT 147

Advertisement

At the beginning of 2023, concern grew over pixels and trackers, which load into the browser as a part of the software supply chain, being used by data harvesting platforms to collect user data. The data is then transferred to the servers of the companies owning the pixels/trackers as a part of their advertising and marketing business. Aggressive data harvesting practices increase the likelihood and/or actual transfer of sensitive data, which may cause unintended consequences, including expensiv

Security

Dark Reading

APRIL 19, 2023

Attackers continued to favor software exploits, phishing, and stolen credentials as initial-access methods last year, as Log4j and the Russia-Ukraine cyber conflict changed the threat landscape.

Phishing 93

Phishing Access 93

The Last Watchdog

APRIL 21, 2023

Adopting personas and rubbing elbows with criminal hackers and fraudsters is a tried-and-true way to glean intel in the Dark Web. Related: In pursuit of a security culture It’s not at all unusual to find law enforcement agents and private sector threat intelligence analysts concocting aliases that permit them to lurk in unindexed forums, vetted message boards and encrypted code repositories.

Risk 200

Risk Encryption Cybersecurity Security 200

Data Breach Today

APRIL 20, 2023

Mandiant Concludes 3CX Hack Was Result of Earlier Hack on Trading Software Maker North Korean hackers' software supply chain attack on desktop phone developer 3CX was the fruit of a separate and previously undisclosed supply chain attack on a financial trading software maker, is the conclusion of the Mandiant forensics team brought in to investigate.

288

288

Jamf

APRIL 21, 2023

Learn about the macOS malware variant discovered by Jamf Threat Labs named 'RustBucket' What it does, how it works to compromise macOS devices, where it comes from and what administrators can do to protect their Apple fleet.

IT 145

IT 145

Dark Reading

APRIL 20, 2023

A bug in how Google Cloud Platform handles OAuth tokens opened the door to Trojan apps that could access anything in users' personal or business Google Drives, Photos, Gmail, and more.

Cloud 145

Cloud Access 145

Advertisement

Case studies are proof of successful client relations and a verifiable product or service. They persuade buyers by highlighting your customers' experiences with your company and its solution. In sales, case studies are crucial pieces of content that can be tailored to prospects' pain points and used throughout the buyer's journey. In marketing, case studies are versatile assets for generating business, providing reusable elements for ad and social media content, website material, and marketing c

Sales

The Last Watchdog

APRIL 19, 2023

In the age before the cloud, data security was straightforward. Related: Taming complexity as a business strategy Enterprises created or ingested data, stored it and secured it in a physical data center. Data security was placed in the hands of technicians wearing tennis shoes, who could lay their hands on physical servers. Today, company networks rely heavily on hybrid cloud and multi-cloud IT resources, and many startups are cloud native.

Cloud 185

Cloud Security Compliance IT 185

Data Breach Today

APRIL 17, 2023

Don't Panic: Apparent macOS Beta Testing Is Highly Buggy, Poses No Immediate Threat Apple users: Don't fear newly discovered samples of LockBit ransomware designed to target newer macOS devices. Researchers say the still-in-development code, tied to no known in-the-wild attacks, contains numerous errors, leaving it unable to execute.

Ransomware 287

Ransomware IT 287

Jamf

APRIL 17, 2023

Jamf Threat Labs examines two sophisticated spyware attacks and provides recommendations for organizations to defend users from increasingly complex threats.

143

143

Dark Reading

APRIL 19, 2023

Unsophisticated attackers can pinpoint where a person lives by lifting metadata from Strava and other apps, even if they're using a feature specifically aimed at protecting their location information.

Metadata 142

Metadata Privacy 142

Advertisement

Unleash the power of NoSQL with "Apache Cassandra® NoSQL for the Relational DBA." Learn from Lewis DiFelice, an experienced Professional Services Consultant at Instaclustr, as he shares his journey transitioning from SQL to managing a 40-node Cassandra cluster. Gain insights into Cassandra's architecture, configuration strategies, and best practices.

The Last Watchdog

APRIL 20, 2023

Good intelligence in any theater of war is invaluable. Timely, accurate intel is the basis of a robust defense and can inform potent counterattacks. Related: Ukraine hit by amplified DDoS This was the case during World War II in The Battle of Midway and at the Battle of the Bulge and it holds true today in the Dark Web. The cyber underground has become a highly dynamic combat zone in which cyber criminals use engrained mechanisms to shroud communications.

Security 176

Security Communications IT 176

Data Breach Today

APRIL 19, 2023

Generative AI tools such as ChatGPT will undoubtedly change the way clinicians and healthcare cybersecurity professionals work, but the use of these technologies come with security, privacy and legal concerns, says Lee Kim of the Healthcare Information Management and Systems Society.

Security 277

Security Cybersecurity Privacy 277

AIIM

APRIL 21, 2023

AIIM is proud to release its State of the Intelligent Information Management Industry report for 2023. Filled with insights and trends that organizations should take note of, the report results from a survey conducted among AIIM members. It provides a comprehensive overview of the current state of information management across different industries. Intelligent Information Management (IIM) is the practice of managing information in a way that optimizes its value to the organization.

Digital transformation 104

Digital transformation Artificial Intelligence Information governance Records Management 104

Dark Reading

APRIL 18, 2023

Researchers warn about a dangerous wave of unwiped, secondhand core-routers found containing corporate network configurations, credentials, and application and customer data.

142

142

As a business leader, you know it's important to update your apps, but it can be tough to figure out the best approach. This whitepaper helps you in upgrading your current applications using modernization strategies without any business disruptions.

IT

The Last Watchdog

APRIL 21, 2023

Managed Security Service Providers, MSSPs, have been around for some time now as a resource to help companies operate more securely. Related: CMMC mandates best security practices Demand for richer MSSP services was already growing at a rapid pace, as digital transformation gained traction – and then spiked in the aftermath of Covid 19. By one estimate, companies are on track to spend $77 billion on MSSP services by 2030, up from $22 billion in 2020.

Cybersecurity 168

Cybersecurity Digital transformation Security Marketing 168

Data Breach Today

APRIL 18, 2023

UK's Online Safety Bill Criticized for Infringing on Private Communications Major internet chat platforms are urging the United Kingdom government to reconsider a bill intended to decrease exposure to online harms but which opponents say would open the door to massive government surveillance. Proponents say online platforms should have a duty of care to protect users.

Encryption 275

Encryption Government Communications 275

Hunton Privacy

APRIL 18, 2023

On April 13, 2023, the Indiana Senate concurred to the Indiana House’s amendments of Senate Bill 5 (“SB 5”) a day after the House returned the bill to the Senate with amendments, and a couple days after the Indiana House unanimously voted to approve SB 5. SB 5 now will head to Governor Eric Holcomb for a final signature, where he will have seven days upon transmission to sign SB 5 into law or veto it.

Privacy 130

Privacy Personal data Risk Sales 130

Dark Reading

APRIL 18, 2023

The infamous Trojan's operators are switching up tactics with the use of simulated business correspondence, which helps instill trust with intended victims, and a stealthier payload.

Access 141

Access 141

Advertisement

Getting off of Hadoop is a critical objective for organizations, with data executives well aware of the significant benefits of doing so. The problem is, there are few options available that minimize the risk to the business during the migration process and that’s one of the reasons why many organizations are still using Hadoop today. By migrating to the data lakehouse, you can get immediate benefits from day one using Dremio’s phased migration approach.

Risk

The Last Watchdog

APRIL 17, 2023

No organization is immune to cybersecurity threats. Even the most well-protected companies can be susceptible to attacks if they are not careful about a proactive approach towards cyber security. Related: Why timely training is a must-have That’s why businesses of all sizes need to understand the biggest cybersecurity weaknesses and take steps to mitigate them.

Cybersecurity 166

Cybersecurity Risk Data breaches Security 166

Data Breach Today

APRIL 19, 2023

Russia's Invasion Tactics Include Creating Fake Hacktivist Groups, Researchers Find The Russian government continues to use an array of phishing attacks and information operations - including hack-and-leak efforts and running hacktivist groups such as CyberArmyofRussia - to support its illegal invasion of Ukraine, Google researchers report.

Phishing 273

Phishing Government IT 273

WIRED Threat Level

APRIL 19, 2023

The breach of the right-wing provocateur was simply a way of “stirring up some drama,” the attacker tells WIRED. But the damage could have been much worse.

Security 138

Security 138

Dark Reading

APRIL 20, 2023

Mandiant found that North Korea's UNC4736 gained initial access on 3CX's network when an employee downloaded a weaponized but legitimately-signed app from Trading Technologies.

Access 139

Access 139

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Risk

The Last Watchdog

APRIL 20, 2023

Embedding security into the highly dynamic way new software gets created and put into service — on the fly, by leveraging ephemeral APIs — has proven to be a daunting challenge. Related: The fallacy of ‘security-as-a-cost-center’ Multitudes of security flaws quite naturally turn up – and threat actors have become adept at systematically discovering and exploiting these fresh vulnerabilities.

Security 154

Security IT 154

Data Breach Today

APRIL 19, 2023

Proposed Neosec Deal Will Help Akamai Customers Discover APIs and Assess Their Risk Akamai Technologies has agreed to purchase a finalist in last year's RSA Conference Innovation Sandbox Contest to get more visibility into the API threat landscape. Silicon Valley-based Neosec will help customers discover all their APIs, assess their risk and respond to vulnerabilities and attacks.

Risk 245

Risk 245

John Battelle's Searchblog

APRIL 21, 2023

I’ll see if, in a few minutes, I can get at least the outlines of a rant out. I’ve got to get to an appointment in half an hour, but I just saw today’s Dealbook newsletter , which focuses on the demise of BuzzFeed News. “Why BuzzFeed News folded” it promises, then goes on to willfully fail to answer the question – in much the same fashion every other story has noted the latest catastrophe in what used to be called “the news business” these days.

ROT 121

ROT Marketing IT 121