Sat.Apr 29, 2023 - Fri.May 05, 2023

article thumbnail

SolarWinds: The Untold Story of the Boldest Supply-Chain Hack

WIRED Threat Level

The attackers were in thousands of corporate and government networks. They might still be there now. Behind the scenes of the SolarWinds investigation.

article thumbnail

Anatomy of a Malicious Package Attack

Dark Reading

Malicious packages are hard to avoid and hard to detect — unless you know what to look for.

132
132
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: Making the case for leveraging automation to eradicate cybersecurity burnout

The Last Watchdog

The rising complexity and prevalence of cybersecurity threats are making experts anxious. Related: Training employees to mitigate phishing It pressures working analysts to perform 24 hours’ worth of work in an 8-hour day. Automation could alleviate the burden on IT teams and cybersecurity professionals by shouldering some monotonous, time-consuming tasks.

article thumbnail

WinRAR Weaponized for Attacks on Ukrainian Public Sector

Data Breach Today

Ukraine Links Attacks to Russian Intelligence Sandworm Hackers Ukrainian cyber defenders say they spotted a malicious script used to activate the delete option on a Windows file archiving utility likely planted by the Russian intelligence agency unit Sandworm. CERT-UA says attackers likely used a compromised VPN credential to gain access.

Archiving 266
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Dallas City Systems Taken Down by Royal Ransomware

Dark Reading

Courts closed, but police, fire rescues unaffected following ransomware attack.

More Trending

article thumbnail

MY TAKE: A few reasons to believe RSAC 2023’s ‘stronger together’ theme is gaining traction

The Last Watchdog

The theme of RSA Conference 2023 — ‘stronger together’ — was certainly well chosen. Related: Demystifying ‘DSPM’ This was my nineteenth RSAC. I attended my first one in 2004, while covering Microsoft for USA TODAY. It certainly was terrific to see the cybersecurity industry’s premier trade event fully restored to its pre-Covid grandeur at San Francisco’s Moscone Center last week.

article thumbnail

The Double-Edged Sword of Crypto in Ransomware

Data Breach Today

Hackers Treasure Crypto's Anonymity, Cybercrime Defenders its Traceability Ransomware hackers' favorite currency is cryptocurrency. Digital assets transfer millions of dollars each year from victims to cybercriminals. But that dependency is also an opportunity for law enforcement to hit ransomware hackers in their most vulnerable spot.

article thumbnail

Worried About AI? You Should Be (Part 2)

Weissman's World

Did you know that AI today can read the blood flow in your brain and translate your thoughts into words, or reconstitute a mental image into a tangible one? Kinda puts a new spin on the future of privacy, don’t it? I learned this startling fact from this remarkable video from the Center for Humane Technology.… Read More » Worried About AI?

Privacy 120
article thumbnail

$10M Is Yours If You Can Get This Guy to Leave Russia

Krebs on Security

The U.S. government this week put a $10 million bounty on the head of a Russian man who for the past 18 years operated Try2Check , one of the cybercrime underground’s most trusted services for checking the validity of stolen credit card data. U.S. authorities say 43-year-old Denis Kulkov ‘s card-checking service made him at least $18 million, which he used to buy a Ferrari, Land Rover, and other luxury items.

Marketing 222
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Apple Patches Bluetooth Flaw in AirPods, Beats

Dark Reading

Users can check for the updated firmware version of their wireless headphones in the Bluetooth settings of their iPhone, iPad, or Mac devices.

131
131
article thumbnail

Killer Use Cases for AI Dominate RSA Conference Discussions

Data Breach Today

Use Cases: Cybersecurity Offense, Defense and Safeguarding AI Itself, Experts Say Pre-RSA social media gaming predicted it. Many predicted they would loath it. And it happened: Discussions at this year's RSA conference again and again came back to generative artificial intelligence - but with a twist. Even some of the skeptics professed their conversion to the temple of AI.

article thumbnail

Release of Regulations for Digitizing Permanent Records

National Archives Records Express

Today, we published new federal regulations with standards for digitizing permanent federal records. The regulations are in 36 CFR 1236, Subpart E. These regulations will go into effect on June 5, 2023. The regulations establish standards for digitizing permanent paper records and photographic prints. They do not contain standards for digitizing film records at this time.

Paper 105
article thumbnail

List of Data Breaches and Cyber Attacks in April 2023 – 4.3 Million Records Breached

IT Governance

Welcome to our April 2023 list of data breaches and cyber attacks. Our research identified 120 publicly disclosed incidents during the month, accounting for 4,353,257 breached records. You can find the full list of data breaches and cyber attacks below, along with our rundown of the biggest incidents of the month. Meanwhile, if you enjoy this sort of cyber security news, be sure to subscribe to our Weekly Round-up to receive the latest stories straight to your inbox.

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Google Chrome Drops Browser Lock Icon

Dark Reading

Chrome 117 will retire the lock icon and replace it with a "tune" icon, reflecting evolving cybersecurity standards.

article thumbnail

European Commission Proposes Network of Cross-Border SOCs

Data Breach Today

Cyber Solidarity Act Seeks to Improve EU Responses to Cyber Incidents The European Commission is proposing to spend more than 1 billion euros on cybersecurity operations centers amid long-standing worries that cyberthreats against the members of the continental alliance go undetected, concerns made more urgent by Russia's invasion of Ukraine.

article thumbnail

Fake Chrome Update Error Messages

KnowBe4

Compromised websites (legitimate sites that have been successfully compromised to support social engineering) are serving visitors fake Google Chrome update error messages.

article thumbnail

Easily shape your user journey with Collibra Homepage Editor

Collibra

It doesn’t matter what tool we use; we always want to get to the place we need in the simplest way possible. After the initial release of the out-of-the-box Homepage, Collibra is taking another step in this direction by adding new functionalities and extensive configuration options to the Homepage with the new Homepage Editor. Delivered as part of the February 2023 release, the Homepage Editor gives you the power to adapt your users’ journey to the individual needs of your organization.

Cloud 98
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Google Launches Cybersecurity Career Certificate Program

Dark Reading

Google's new program aims to offer accessible training to fill 750K open cybersecurity jobs with diverse array of talent.

article thumbnail

Breach Roundup: Royal Ransomware Does Dallas

Data Breach Today

Also: T-Mobile, an Italian Water System, a German IT Provider, a macOS Info Stealer In the days between April 27 and May 4, the spotlight was on: a Royal ransomware attack on Dallas, Telecom giant T-Mobile's second breach in 2023, a ransomware attack disrupting water services in half a dozen southern Italian towns, a German IT services provider and the Atomic macOS Stealer.

article thumbnail

Collaboration Data Challenges Before Litigation (And How Technology Can Help)

Hanzo Learning Center

Collaboration data is essential for many businesses in the digital age. However, determining how long to keep records on communication tools like Slack and Teams has become a challenge due to legal cases. Companies must balance regulatory requirements, business needs, and records hygiene when managing collaboration data. To help with information governance, many organizations are turning to technology.

article thumbnail

Fortinet warns of a spike in attacks against TBK DVR devices

Security Affairs

FortiGuard Labs researchers observed a worrisome level of attacks attempting to exploit an authentication bypass vulnerability in TBK DVR devices. FortiGuard Labs researchers are warning of a spike in malicious attacks targeting TBK DVR devices. Threat actors are attempting to exploit a five-year-old authentication bypass issue, tracked as CVE-2018-9995 (CVSS score of 9.8), in TBK DVR devices.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Google Ads Abused to Lure Corporate Workers to LOBSHOT Backdoor

Dark Reading

The cyberattack campaign, similar to one to spread the Rhadamanthys Stealer, is part of a larger trend by attackers to use malvertising as initial access for ransomware and other threat activity.

article thumbnail

Police Arrest Shuttered Monopoly Market Drug Sellers

Data Breach Today

Nearly 300 Arrests Made in the US and Europe International law enforcement agencies arrested hundreds in what authorities say is the largest crackdown on illicit drugs over the dark web, also revealing that German law enforcement was behind the December 2021 disappearance of dark web drug marketplace Monopoly Market.

Marketing 170
article thumbnail

[Feet on the Ground] Stepping Carefully When Making an AI Your BFF

KnowBe4

Bloomberg's Brad Stone wrote an op-ed covering this topic. In the past month, a chatbot called " My AI " or "Sage" has appeared as a new friend for several hundred million Snapchat users. The chatbot utilizes OpenAI's advanced artificial intelligence tool, ChatGPT. It has shown up unexpectedly at the top of many users' friend lists on the messaging app, which is considered prime app real estate.

article thumbnail

White hat hackers showed how to take over a European Space Agency satellite

Security Affairs

Thales cybersecurity researchers have shown this week how they seized control of a European Space Agency (ESA) satellite. This week, during the third edition of CYSAT, the European event dedicated to cybersecurity for the space industry, the European Space Agency (ESA) set up a satellite test bench, inviting white hat hackers to attempt seizing control of OPS-SAT , a nanosatellite operated by the agency for demonstration purposes.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Meta Expunges Multiple APT, Cybercrime Groups From Facebook, Instagram

Dark Reading

The company has removed three APTs and six potentially criminal networks from its platforms who leveraged elaborate campaigns of fake personas and profiles to lure and compromise users.

IT 98
article thumbnail

Ukrainian Forces Shutter Bot Farms and Illicit VPN Provider

Data Breach Today

Arrests Made and Computer Equipment Seized Ukrainian law enforcement dismantled more than half a dozen bot farms and a virtual private network infrastructure spreading disinformation and fake Russian propaganda. Ukrainian authorities have dismantled a string of botnet operations in December, September and August of 2022.

159
159
article thumbnail

IT Governance Podcast 5.5.23: ChatGPT, LockBit, T-Mobile and Alan Calder on cyber security for boards

IT Governance

This week, we discuss ChatGPT’s restoration in Italy despite wider security concerns, an apology from the LockBit ransomware group and another breach for T-Mobile, and Alan Calder discusses what boards need to do to build their organisations’ cyber defences. Now available on Spotify , Amazon Music , Apple Podcasts and SoundCloud. The post IT Governance Podcast 5.5.23: ChatGPT, LockBit, T-Mobile and Alan Calder on cyber security for boards appeared first on IT Governance UK Blog.