Krebs on Security

APRIL 18, 2023

For the past seven years, a malware-based proxy service known as “ Faceless ” has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post we’ll examine clues left behind over the past decade by the proprietor of Faceless, including some that may help put a face to the name.

Passwords 238

Passwords IoT Sales Retail 238

KnowBe4

APRIL 20, 2023

At a time when cyber attacks are achieving success in varying degrees and IT pros are keeping quiet about resulting breaches, there is one specific type of attack that has them most worried.

IT 75

IT Security Data breaches 75

Data Breach Today

APRIL 19, 2023

Only 15% of Global Orgs Rank as 'Mature' on Cisco’s Cybersecurity Readiness Index Cisco's Cybersecurity Readiness Index shows a mere 15% of global organizations rank as mature across five security pillars.

Cybersecurity 157

Cybersecurity Security 157

Data Breach Today

APRIL 20, 2023

Eset Finds Customer Info, VPN Credentials & Authentication Keys on Used Routers Sanitize IT gear before decommissioning is well-trod cybersecurity advice made to corporations everywhere and yet many persist in disposing of equipment still laden with sensitive data. Cybersecurity firm Eset says it found a wealth of corporate data on secondhand routers.

Authentication 144

Authentication Cybersecurity IT 144

Advertisement

With its unparalleled flexibility, rapid development and cost-saving capabilities, open source is proving time and again that it’s the leader in data management. But as the growth in open source adoption increases, so does the complexity of your data infrastructure. In this Analyst Brief developed with IDC, discover how and why the best solution to this complexity is a managed service, including: Streamlined compliance with some of the most complex regulatory guidelines Simplified operations, li

Compliance

Dark Reading

APRIL 19, 2023

Attackers continued to favor software exploits, phishing, and stolen credentials as initial-access methods last year, as Log4j and the Russia-Ukraine cyber conflict changed the threat landscape.

Phishing 65

Phishing Access 65

The Last Watchdog

APRIL 21, 2023

Adopting personas and rubbing elbows with criminal hackers and fraudsters is a tried-and-true way to glean intel in the Dark Web. Related: In pursuit of a security culture It’s not at all unusual to find law enforcement agents and private sector threat intelligence analysts concocting aliases that permit them to lurk in unindexed forums, vetted message boards and encrypted code repositories.

Risk 236

Risk Encryption Cybersecurity Security 236

Data Breach Today

APRIL 20, 2023

Mandiant Concludes 3CX Hack Was Result of Earlier Hack on Trading Software Maker North Korean hackers' software supply chain attack on desktop phone developer 3CX was the fruit of a separate and previously undisclosed supply chain attack on a financial trading software maker, is the conclusion of the Mandiant forensics team brought in to investigate.

283

283

Jamf

APRIL 21, 2023

Learn about the macOS malware variant discovered by Jamf Threat Labs named 'RustBucket' What it does, how it works to compromise macOS devices, where it comes from and what administrators can do to protect their Apple fleet.

IT 145

IT 145

Dark Reading

APRIL 20, 2023

A bug in how Google Cloud Platform handles OAuth tokens opened the door to Trojan apps that could access anything in users' personal or business Google Drives, Photos, Gmail, and more.

Cloud 144

Cloud Access 144

Advertisement

The complexity of financial data, the need for real-time insight, and the demand for user-friendly visualizations can seem daunting when it comes to analytics - but there is an easier way. With Logi Symphony, we aim to turn these challenges into opportunities. Our platform empowers you to seamlessly integrate advanced data analytics, generative AI, data visualization, and pixel-perfect reporting into your applications, transforming raw data into actionable insights.

Analytics

The Last Watchdog

APRIL 17, 2023

No organization is immune to cybersecurity threats. Even the most well-protected companies can be susceptible to attacks if they are not careful about a proactive approach towards cyber security. Related: Why timely training is a must-have That’s why businesses of all sizes need to understand the biggest cybersecurity weaknesses and take steps to mitigate them.

Risk 219

Risk Cybersecurity Data breaches Access 219

Data Breach Today

APRIL 17, 2023

Don't Panic: Apparent macOS Beta Testing Is Highly Buggy, Poses No Immediate Threat Apple users: Don't fear newly discovered samples of LockBit ransomware designed to target newer macOS devices. Researchers say the still-in-development code, tied to no known in-the-wild attacks, contains numerous errors, leaving it unable to execute.

Ransomware 281

Ransomware IT 281

Jamf

APRIL 17, 2023

Jamf Threat Labs examines two sophisticated spyware attacks and provides recommendations for organizations to defend users from increasingly complex threats.

144

144

WIRED Threat Level

APRIL 19, 2023

The breach of the right-wing provocateur was simply a way of “stirring up some drama,” the attacker tells WIRED. But the damage could have been much worse.

Security 142

Security 142

Advertisement

Adding high-quality entity resolution capabilities to enterprise applications, services, data fabrics or data pipelines can be daunting and expensive. Organizations often invest millions of dollars and years of effort to achieve subpar results. This guide will walk you through the requirements and challenges of implementing entity resolution. By the end, you'll understand what to look for, the most common mistakes and pitfalls to avoid, and your options.

IT

The Last Watchdog

APRIL 20, 2023

Good intelligence in any theater of war is invaluable. Timely, accurate intel is the basis of a robust defense and can inform potent counterattacks. Related: Ukraine hit by amplified DDoS This was the case during World War II in The Battle of Midway and at the Battle of the Bulge and it holds true today in the Dark Web. The cyber underground has become a highly dynamic combat zone in which cyber criminals use engrained mechanisms to shroud communications.

Communications 214

Communications Security IT 214

Data Breach Today

APRIL 19, 2023

Generative AI tools such as ChatGPT will undoubtedly change the way clinicians and healthcare cybersecurity professionals work, but the use of these technologies come with security, privacy and legal concerns, says Lee Kim of the Healthcare Information Management and Systems Society.

Security 272

Security Privacy Cybersecurity 272

Hunton Privacy

APRIL 18, 2023

On April 13, 2023, the Indiana Senate concurred to the Indiana House’s amendments of Senate Bill 5 (“SB 5”) a day after the House returned the bill to the Senate with amendments, and a couple days after the Indiana House unanimously voted to approve SB 5. SB 5 now will head to Governor Eric Holcomb for a final signature, where he will have seven days upon transmission to sign SB 5 into law or veto it.

Privacy 132

Privacy Personal data Sales Insurance 132

IT Governance

APRIL 18, 2023

Data minimisation is a key part of information security and the GDPR (General Data Protection Regulation) in particular. Its principles are at the heart of effective data protection practices, and are intended to prevent privacy breaches and minimise the damage when security incidents occur. What is data minimisation? Data minimisation requires organisations to process personal data only if it serves a specific purpose, and to retain it for only as long as it’s needed to meet that purpose.

GDPR 132

GDPR Personal data Data breaches Marketing 132

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

Artificial Intelligence

The Last Watchdog

APRIL 21, 2023

Managed Security Service Providers, MSSPs, have been around for some time now as a resource to help companies operate more securely. Related: CMMC mandates best security practices Demand for richer MSSP services was already growing at a rapid pace, as digital transformation gained traction – and then spiked in the aftermath of Covid 19. By one estimate, companies are on track to spend $77 billion on MSSP services by 2030, up from $22 billion in 2020.

Digital transformation 213

Digital transformation Cybersecurity Marketing Security 213

Data Breach Today

APRIL 18, 2023

UK's Online Safety Bill Criticized for Infringing on Private Communications Major internet chat platforms are urging the United Kingdom government to reconsider a bill intended to decrease exposure to online harms but which opponents say would open the door to massive government surveillance. Proponents say online platforms should have a duty of care to protect users.

Encryption 271

Encryption Communications Government 271

AIIM

APRIL 21, 2023

AIIM is proud to release its State of the Intelligent Information Management Industry report for 2023. Filled with insights and trends that organizations should take note of, the report results from a survey conducted among AIIM members. It provides a comprehensive overview of the current state of information management across different industries. Intelligent Information Management (IIM) is the practice of managing information in a way that optimizes its value to the organization.

Digital transformation 104

Digital transformation Artificial Intelligence Customer Experience Records Management 104

IT Governance

APRIL 20, 2023

The fallout from Capita’s so-called “cyber incident” last month has been slow and damning. After weeks of insisting that criminal hackers had merely disrupted internal systems, the outsourcing giant has confirmed this week that the damage was more than just an ‘incident’. It was, in fact, ransomware. Capita is one of the largest public-sector service providers in the UK, with £6.5 billion in contracts managing systems such as the BBC licence fee and the London congestion charge.

Ransomware 128

Ransomware IT Data breaches Security 128

Advertisement

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

Paper

The Last Watchdog

APRIL 18, 2023

Domain Name Service. DNS. It’s the phone directory of the Internet. Related: DNS — the good, bad and ugly Without DNS the World Wide Web never would never have advanced as far and wide as it has. However, due to its intrinsic openness and anonymity DNS has also become engrained as the primary communications mechanism used by cyber criminals and cyber warfare combatants.

Analytics 208

Analytics Communications Cybersecurity Security 208

Data Breach Today

APRIL 19, 2023

Russia's Invasion Tactics Include Creating Fake Hacktivist Groups, Researchers Find The Russian government continues to use an array of phishing attacks and information operations - including hack-and-leak efforts and running hacktivist groups such as CyberArmyofRussia - to support its illegal invasion of Ukraine, Google researchers report.

Phishing 268

Phishing Government IT 268

Dark Reading

APRIL 18, 2023

Researchers warn about a dangerous wave of unwiped, secondhand core-routers found containing corporate network configurations, credentials, and application and customer data.

128

128

John Battelle's Searchblog

APRIL 21, 2023

I’ll see if, in a few minutes, I can get at least the outlines of a rant out. I’ve got to get to an appointment in half an hour, but I just saw today’s Dealbook newsletter , which focuses on the demise of BuzzFeed News. “Why BuzzFeed News folded” it promises, then goes on to willfully fail to answer the question – in much the same fashion every other story has noted the latest catastrophe in what used to be called “the news business” these days.

ROT 124

ROT Marketing IT 124

Advertisement

In the fast-moving manufacturing sector, delivering mission-critical data insights to empower your end users or customers can be a challenge. Traditional BI tools can be cumbersome and difficult to integrate - but it doesn't have to be this way. Logi Symphony offers a powerful and user-friendly solution, allowing you to seamlessly embed self-service analytics, generative AI, data visualization, and pixel-perfect reporting directly into your applications.

Analytics

The Last Watchdog

APRIL 20, 2023

Embedding security into the highly dynamic way new software gets created and put into service — on the fly, by leveraging ephemeral APIs — has proven to be a daunting challenge. Related: The fallacy of ‘security-as-a-cost-center’ Multitudes of security flaws quite naturally turn up – and threat actors have become adept at systematically discovering and exploiting these fresh vulnerabilities.

Security 201

Security IT 201

Data Breach Today

APRIL 19, 2023

Proposed Neosec Deal Will Help Akamai Customers Discover APIs and Assess Their Risk Akamai Technologies has agreed to purchase a finalist in last year's RSA Conference Innovation Sandbox Contest to get more visibility into the API threat landscape. Silicon Valley-based Neosec will help customers discover all their APIs, assess their risk and respond to vulnerabilities and attacks.

Risk 245

Risk 245

Dark Reading

APRIL 19, 2023

Unsophisticated attackers can pinpoint where a person lives by lifting metadata from Strava and other apps, even if they're using a feature specifically aimed at protecting their location information.

Metadata 126

Metadata Privacy 126