Sat.Apr 15, 2023 - Fri.Apr 21, 2023

article thumbnail

Giving a Face to the Malware Proxy Service ‘Faceless’

Krebs on Security

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post we’ll examine clues left behind over the past decade by the proprietor of Faceless, including some that may help put a face to the name.

Passwords 221
article thumbnail

Nearly One-Half of IT Pros are Told to Keep Quiet About Security Breaches

KnowBe4

At a time when cyber attacks are achieving success in varying degrees and IT pros are keeping quiet about resulting breaches, there is one specific type of attack that has them most worried.

IT 67
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

5 Cybersecurity Pillars Where 85% of Companies Are Lagging

Data Breach Today

Only 15% of Global Orgs Rank as 'Mature' on Cisco’s Cybersecurity Readiness Index Cisco's Cybersecurity Readiness Index shows a mere 15% of global organizations rank as mature across five security pillars.

article thumbnail

Refurbished Routers Contain Sensitive Corporate Data

Data Breach Today

Eset Finds Customer Info, VPN Credentials & Authentication Keys on Used Routers Sanitize IT gear before decommissioning is well-trod cybersecurity advice made to corporations everywhere and yet many persist in disposing of equipment still laden with sensitive data. Cybersecurity firm Eset says it found a wealth of corporate data on secondhand routers.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

3 Flaws, 1 War Dominated Cyber-Threat Landscape in 2022

Dark Reading

Attackers continued to favor software exploits, phishing, and stolen credentials as initial-access methods last year, as Log4j and the Russia-Ukraine cyber conflict changed the threat landscape.

More Trending

article thumbnail

RSAC Fireside Chat: Cybersixgill crawls the Dark Web to uncover earliest signs of companies at risk

The Last Watchdog

Adopting personas and rubbing elbows with criminal hackers and fraudsters is a tried-and-true way to glean intel in the Dark Web. Related: In pursuit of a security culture It’s not at all unusual to find law enforcement agents and private sector threat intelligence analysts concocting aliases that permit them to lurk in unindexed forums, vetted message boards and encrypted code repositories.

Risk 235
article thumbnail

North Korean Hackers Chained Supply Chain Hacks to Reach 3CX

Data Breach Today

Mandiant Concludes 3CX Hack Was Result of Earlier Hack on Trading Software Maker North Korean hackers' software supply chain attack on desktop phone developer 3CX was the fruit of a separate and previously undisclosed supply chain attack on a financial trading software maker, is the conclusion of the Mandiant forensics team brought in to investigate.

286
286
article thumbnail

BlueNoroff APT group targets macOS with ‘RustBucket’ Malware

Jamf

Learn about the macOS malware variant discovered by Jamf Threat Labs named 'RustBucket' What it does, how it works to compromise macOS devices, where it comes from and what administrators can do to protect their Apple fleet.

IT 145
article thumbnail

'GhostToken' Opens Google Accounts to Permanent Infection

Dark Reading

A bug in how Google Cloud Platform handles OAuth tokens opened the door to Trojan apps that could access anything in users' personal or business Google Drives, Photos, Gmail, and more.

Cloud 144
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

GUEST ESSAY: The Top 10 cybersecurity shortfalls that put SMBs, enterprises at elevated risk

The Last Watchdog

No organization is immune to cybersecurity threats. Even the most well-protected companies can be susceptible to attacks if they are not careful about a proactive approach towards cyber security. Related: Why timely training is a must-have That’s why businesses of all sizes need to understand the biggest cybersecurity weaknesses and take steps to mitigate them.

Risk 218
article thumbnail

LockBit Ransomware Tests Taking a Bite Out of Apple Users

Data Breach Today

Don't Panic: Apparent macOS Beta Testing Is Highly Buggy, Poses No Immediate Threat Apple users: Don't fear newly discovered samples of LockBit ransomware designed to target newer macOS devices. Researchers say the still-in-development code, tied to no known in-the-wild attacks, contains numerous errors, leaving it unable to execute.

article thumbnail

Threat advisory: Mobile spyware continues to evolve

Jamf

Jamf Threat Labs examines two sophisticated spyware attacks and provides recommendations for organizations to defend users from increasingly complex threats.

144
144
article thumbnail

What Is Data Minimisation? Definition & Examples

IT Governance

Data minimisation is a key part of information security and the GDPR (General Data Protection Regulation) in particular. Its principles are at the heart of effective data protection practices, and are intended to prevent privacy breaches and minimise the damage when security incidents occur. What is data minimisation? Data minimisation requires organisations to process personal data only if it serves a specific purpose, and to retain it for only as long as it’s needed to meet that purpose.

GDPR 132
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

RSAC Fireside Chat: How timely intel from the cyber underground improves counter measures

The Last Watchdog

Good intelligence in any theater of war is invaluable. Timely, accurate intel is the basis of a robust defense and can inform potent counterattacks. Related: Ukraine hit by amplified DDoS This was the case during World War II in The Battle of Midway and at the Battle of the Bulge and it holds true today in the Dark Web. The cyber underground has become a highly dynamic combat zone in which cyber criminals use engrained mechanisms to shroud communications.

article thumbnail

Emerging Security Concerns About Generative AI in Healthcare

Data Breach Today

Generative AI tools such as ChatGPT will undoubtedly change the way clinicians and healthcare cybersecurity professionals work, but the use of these technologies come with security, privacy and legal concerns, says Lee Kim of the Healthcare Information Management and Systems Society.

Security 274
article thumbnail

Indiana Likely to Become Seventh State to Enact a Comprehensive State Privacy Law

Hunton Privacy

On April 13, 2023, the Indiana Senate concurred to the Indiana House’s amendments of Senate Bill 5 (“SB 5”) a day after the House returned the bill to the Senate with amendments, and a couple days after the Indiana House unanimously voted to approve SB 5. SB 5 now will head to Governor Eric Holcomb for a final signature, where he will have seven days upon transmission to sign SB 5 into law or veto it.

Privacy 132
article thumbnail

The Hacker Who Hijacked Matt Walsh’s Twitter Was Just ‘Bored’

WIRED Threat Level

The breach of the right-wing provocateur was simply a way of “stirring up some drama,” the attacker tells WIRED. But the damage could have been much worse.

Security 140
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

RSAC Fireside Chat: Here’s why companies are increasingly turning to MSSPs for deeper help

The Last Watchdog

Managed Security Service Providers, MSSPs, have been around for some time now as a resource to help companies operate more securely. Related: CMMC mandates best security practices Demand for richer MSSP services was already growing at a rapid pace, as digital transformation gained traction – and then spiked in the aftermath of Covid 19. By one estimate, companies are on track to spend $77 billion on MSSP services by 2030, up from $22 billion in 2020.

article thumbnail

WhatsApp, Signal Preview UK Exit Over Threat to Encryption

Data Breach Today

UK's Online Safety Bill Criticized for Infringing on Private Communications Major internet chat platforms are urging the United Kingdom government to reconsider a bill intended to decrease exposure to online harms but which opponents say would open the door to massive government surveillance. Proponents say online platforms should have a duty of care to protect users.

article thumbnail

Discover the Future of Intelligent Information Management

AIIM

AIIM is proud to release its State of the Intelligent Information Management Industry report for 2023. Filled with insights and trends that organizations should take note of, the report results from a survey conducted among AIIM members. It provides a comprehensive overview of the current state of information management across different industries. Intelligent Information Management (IIM) is the practice of managing information in a way that optimizes its value to the organization.

article thumbnail

Capita Admits That Its ‘Cyber Incident’ Was Ransomware and That Customer Data Was Breached

IT Governance

The fallout from Capita’s so-called “cyber incident” last month has been slow and damning. After weeks of insisting that criminal hackers had merely disrupted internal systems, the outsourcing giant has confirmed this week that the damage was more than just an ‘incident’. It was, in fact, ransomware. Capita is one of the largest public-sector service providers in the UK, with £6.5 billion in contracts managing systems such as the BBC licence fee and the London congestion charge.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

RSAC Fireside Chat: ‘Protective DNS’ directs smart audits, automated remediation to IP addresses

The Last Watchdog

Domain Name Service. DNS. It’s the phone directory of the Internet. Related: DNS — the good, bad and ugly Without DNS the World Wide Web never would never have advanced as far and wide as it has. However, due to its intrinsic openness and anonymity DNS has also become engrained as the primary communications mechanism used by cyber criminals and cyber warfare combatants.

Analytics 207
article thumbnail

Ukraine Facing Phishing Attacks, Information Operations

Data Breach Today

Russia's Invasion Tactics Include Creating Fake Hacktivist Groups, Researchers Find The Russian government continues to use an array of phishing attacks and information operations - including hack-and-leak efforts and running hacktivist groups such as CyberArmyofRussia - to support its illegal invasion of Ukraine, Google researchers report.

Phishing 270
article thumbnail

Recycled Core Routers Exposed Sensitive Corporate Network Info

Dark Reading

Researchers warn about a dangerous wave of unwiped, secondhand core-routers found containing corporate network configurations, credentials, and application and customer data.

128
128
article thumbnail

Yeah, That’s Why BuzzFeed News Failed.

John Battelle's Searchblog

I’ll see if, in a few minutes, I can get at least the outlines of a rant out. I’ve got to get to an appointment in half an hour, but I just saw today’s Dealbook newsletter , which focuses on the demise of BuzzFeed News. “Why BuzzFeed News folded” it promises, then goes on to willfully fail to answer the question – in much the same fashion every other story has noted the latest catastrophe in what used to be called “the news business” these days.

ROT 124
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

RSAC Fireside Chat: Demystifying cloud-stored data via ‘data security posture management’

The Last Watchdog

In the age before the cloud, data security was straightforward. Related: Taming complexity as a business strategy Enterprises created or ingested data, stored it and secured it in a physical data center. Data security was placed in the hands of technicians wearing tennis shoes, who could lay their hands on physical servers. Today, company networks rely heavily on hybrid cloud and multi-cloud IT resources, and many startups are cloud native.

Cloud 203
article thumbnail

Akamai to Buy Startup Neosec for API Detection and Response

Data Breach Today

Proposed Neosec Deal Will Help Akamai Customers Discover APIs and Assess Their Risk Akamai Technologies has agreed to purchase a finalist in last year's RSA Conference Innovation Sandbox Contest to get more visibility into the API threat landscape. Silicon Valley-based Neosec will help customers discover all their APIs, assess their risk and respond to vulnerabilities and attacks.

Risk 244
article thumbnail

Popular Fitness Apps Leak Location Data Even When Users Set Privacy Zones

Dark Reading

Unsophisticated attackers can pinpoint where a person lives by lifting metadata from Strava and other apps, even if they're using a feature specifically aimed at protecting their location information.

Metadata 126