Krebs on Security

DECEMBER 13, 2022

InfraGard , a program run by the U.S. Federal Bureau of Investigation (FBI) to build cyber and physical threat information sharing partnerships with the private sector, this week saw its database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. Meanwhile, the hackers responsible are communicating directly with members through the InfraGard portal online — using a new account under the assumed identity of a financial industry CEO tha

Sales 359

Sales Energy and Utilities Communications Data breaches 359

Data Breach Today

DECEMBER 13, 2022

Victims Still Learning Their Personal Data Was Illegally Accessed, Copied in 2021 A ransomware attack on the Irish healthcare system in 2021 has cost the government 80 million euros in damages and counting. The Irish Health Service continues to notify victims of the incident that their personal information was illegally accessed and copied.

Ransomware 353

Ransomware Personal data Access Government 353

The Last Watchdog

DECEMBER 14, 2022

There is much that can be gleaned from helping companies identify and manage their critical vulnerabilities 24X7. Related: The case for proactive pentests. Based on insights from our team of elite security researchers here at Bugcrowd, these are three trends gaining steam as 2022 comes to a close – trends that I expect to command much attention in 2023.

Compliance 201

Compliance Cybersecurity Risk Security 201

eSecurity Planet

DECEMBER 15, 2022

Released on November 30, ChatGPT has instantly become a viral online sensation. In a week, the app gained more than one million users. Unlike most other AI research projects, ChatGPT has captivated the interest of ordinary people who do not have PhDs in data science. They can type in queries and get human-like responses. The answers are often succinct.

Cybersecurity 136

Cybersecurity Phishing Data science Blockchain 136

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Krebs on Security

DECEMBER 14, 2022

The U.S. Department of Justice (DOJ) today seized four-dozen domains that sold “booter” or “stresser” services — businesses that make it easy and cheap for even non-technical users to launch powerful Distributed Denial of Service (DDoS) attacks designed knock targets offline. The DOJ also charged six U.S. men with computer crimes related to their alleged ownership of the popular DDoS-for-hire services.

Computer and Electronics 288

Computer and Electronics Education IT Risk 288

The Last Watchdog

DECEMBER 11, 2022

The Internet of Everything ( IoE ) is on the near horizon. Related: Raising the bar for smart homes. Our reliance on artificially intelligent software is deepening, signaling an era, just ahead, of great leaps forward for humankind. We would not be at this juncture without corresponding advances on the hardware side of the house. For instance, very visibly over the past decade, Internet of Things ( IoT ) computing devices and sensors have become embedded everywhere.

Energy and Utilities 163

Energy and Utilities IoT Artificial Intelligence Cloud 163

KnowBe4

DECEMBER 10, 2022

ChatGPT could give Google a serious run for its money. We are not quite there yet, but the capabilities are rapidly improving. Just have a look at the command I gave it. In 5 seconds the copy rolled out.

IT 131

IT 131

Krebs on Security

DECEMBER 14, 2022

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software. The most pressing patches include a zero-day in a Windows feature that tries to flag malicious files from the Web, a critical bug in PowerShell , and a dangerous flaw in Windows 11 systems that was detailed publicly prior to this week’s Patch Tuesday.

Ransomware 186

Ransomware Authentication Security Access 186

Data Breach Today

DECEMBER 10, 2022

Class Action Lawsuit Filed Against Rackspace for Negligence Hosted services company Rackspace is warning customers about the increasing risk of phishing attacks following a ransomware attack causing ongoing outages to its hosted Exchange environment. The Texas-based firm also is now facing a class action lawsuit.

Phishing 251

Phishing Ransomware Risk IT 251

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

Security Affairs

DECEMBER 13, 2022

A new Python backdoor is targeting VMware ESXi servers, allowing attackers to take over compromised systems. Juniper Networks researchers spotted a previously undocumented Python backdoor targeting VMware ESXi servers. The researchers discovered the backdoor in October 2022, experts pointed out the implant is notable for its simplicity, persistence and capabilities.

Passwords 129

Passwords IT Access Security 129

Data Protection Report

DECEMBER 13, 2022

On 13 December, the European Commission launched the process to adopt an adequacy decision for the EU-US Data Privacy Framework ( EU-US DPF ). . The draft decision – available here – addresses the concerns raised by the Court of Justice of the European Union ( CJEU ) in its Schrems II decision of July 2020. These concerns centred around access to European personal data by US intelligence agencies and the lack of independent and impartial redress for EU citizens.

Data Privacy 123

Data Privacy Privacy Personal data Access 123

Dark Reading

DECEMBER 13, 2022

Threat actors leak employee email addresses, corporate reports, and IT asset information on a hacker forum after an attack on an Uber technology partner.

Cloud 133

Cloud IT 133

Data Breach Today

DECEMBER 14, 2022

Defenders have made strides in disrupting ransomware, but assessing the effectiveness of countermeasures is tough due to a scarcity of information, says cybersecurity veteran Jen Ellis. "We know what the tip of the iceberg looks like, but we don't know what percentage of that iceberg we can see.

Ransomware 239

Ransomware Cybersecurity 239

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

Security Affairs

DECEMBER 14, 2022

Researchers discovered a new Go-based botnet, dubbed GoTrim, attempting to brute force WordPress websites. Fortinet FortiGuard Labs researchers spotted a new Go-based botnet, dubbed GoTrim, that has been spotted scanning and brute-forcing WordPress and OpenCart websites. The botnet was named GoTrim because it was written in Go and uses “:::trim::: ” to split data sent and received from the C2 server.

CMS 128

CMS Encryption Risk Passwords 128

IT Governance

DECEMBER 15, 2022

Intersport recently fell victim to a ransomware attack during what should have been the busiest time of the year. The incident occurred in late November, with the sports retail giant gearing up for Black Friday and the start of the World Cup. However, a malware intrusion froze cash registers across its French stores, leaving customers unable to make purchases or use loyalty cards and gift vouchers.

Ransomware 122

Ransomware Personal data Retail Risk 122

IBM Big Data Hub

DECEMBER 16, 2022

Over the last week, millions of people around the world have interacted with OpenAI’s ChatGPT, which represents a significant advance for generative artificial intelligence (AI) and the foundation models that underpin many of these use cases. It’s a fitting way to end what has been another big year for the industry. We’re at an exciting inflection point for AI.

Government 118

Government Artificial Intelligence Metadata Data collection 118

Data Breach Today

DECEMBER 12, 2022

Tongue-in-Cheek Ransom Note Claims 'Modest Royalty' for 'Pentesting Services' Attackers wielding Royal ransomware have been hitting crypto-locking healthcare targets, the U.S. Department of Health and Human Services warns, saying that in each known case, attackers "claimed to have published 100% of the data that was allegedly extracted from the victim.

Ransomware 237

Ransomware 237

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Security Affairs

DECEMBER 13, 2022

Citrix urges customers to update their installs to fix actively exploited zero-day (CVE-2022-27518) in Citrix ADC and Gateway. Citrix urges administrators to apply security updates for a zero-day vulnerability, tracked as CVE-2022-27518, in Citrix ADC and Gateway. The vulnerability is actively exploited by China-linked threat actors to gain access to target networks. “We are aware of a small number of targeted attacks in the wild using this vulnerability.” reads a blog post published

Authentication 127

Authentication Cybersecurity Security Access 127

Hunton Privacy

DECEMBER 15, 2022

On December 13, 2022, the European Commission launched the process for the adoption of an adequacy decision for the EU-U.S. Data Privacy Framework. If adopted, the long-awaited adequacy decision will provide EU companies transferring personal data to the U.S. with an additional mechanism to legitimize their transfers. An adequacy decision would foster trans-Atlantic data flows and address the concerns raised by the Court of Justice of the European Union (“CJEU”) judgment in the Schrems II case.

Data Privacy 114

Data Privacy Privacy Personal data GDPR 114

Schneier on Security

DECEMBER 12, 2022

After way too many years, Apple is finally encrypting iCloud backups : Based on a screenshot from Apple, these categories are covered when you flip on Advanced Data Protection: device backups, messages backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos, and Wallet Passes. Apple says the only “major” categories not covered by Advanced Data Protection are iCloud Mail, Contacts, and Calendar because “of the need to interoperate with the global email, cont

Encryption 113

Encryption Access IT Cloud 113

Data Breach Today

DECEMBER 12, 2022

Ashan Willy's First Deal as CEO Gets Proofpoint Into the Identity, Deception Spaces Ashan Willy has made his first deal as Proofpoint's CEO, scooping up an identity startup established by Check Point's former cloud and document security leader. The purchase of Illusive will allow Proofpoint to add identity risk discovery and remediation and post-breach defense to its platform.

Cloud 197

Cloud Risk Security IT 197

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Security Affairs

DECEMBER 14, 2022

The number of internet-facing cameras in the world is growing exponentially. Some of the most popular brands don’t enforce a strong password policy, meaning anyone can peer into their owners’ lives. Original post at [link]. When you spy on your neighborhood or your cafe customers, do you wonder if someone is watching Big Brother – you, in this case?

Passwords 124

Passwords Manufacturing Authentication Government 124

eSecurity Planet

DECEMBER 14, 2022

Microsoft’s December 2022 Patch Tuesday includes fixes for over four dozen vulnerabilities, six of them critical – including a zero-day flaw in the SmartScreen security tool, CVE-2022-44698 , that’s being actively exploited. Regarding that flaw, Microsoft observed, “An attacker can craft a malicious file that would evade Mark of the Web (MOTW) defenses, resulting in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, whi

Risk 112

Risk Authentication Ransomware Cybersecurity 112

Dark Reading

DECEMBER 14, 2022

An emerging cybercriminal group linked with Conti has expanded its partial encryption strategy and demonstrates other evasive maneuvers, as it takes aim at healthcare and other sectors.

Encryption 110

Encryption Ransomware IT 110

Data Breach Today

DECEMBER 11, 2022

'We're Sorry it Occurred, and We Know We Have Let You Down,' Telstra CFO Says Australian telecommunications provider Telstra apologized for accidentally publishing names, numbers and addresses of over 130,000 customers whose details were supposed to be unlisted. The company apologized for the error and blamed a "misalignment of databases.

IT 174

IT 174

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

Security Affairs

DECEMBER 13, 2022

LockBit ransomware gang hacked the California Department of Finance and threatens to leak data stolen from its systems. The LockBit ransomware gang claims to have stolen 76Gb from the California Department of Finance and is threatening to leak the stolen data if the victims will not pay the ransom by December 24. On December 12, the California Department of Finance confirmed the security incident with a statement. “The California Cybersecurity Integration Center (Cal-CSIC) is actively resp

Ransomware 123

Ransomware Military Cybersecurity Security 123

Hunton Privacy

DECEMBER 16, 2022

On December 7, 2022, the Federal Trade Commission released an updated Mobile Health App Interactive Tool to help developers determine what federal laws and regulations apply to apps that collect and process health data. The updated version of the tool, which revises the initial release in 2016, aims to assist developers of mobile apps that will access, collect, share, use or maintain information related to an individual consumer’s health, such as information related to diagnosis, treatment, fitn

Compliance 108

Compliance Insurance Privacy Access 108

Dark Reading

DECEMBER 14, 2022

The feds' mobile service provider guidance details cybersecurity threat vectors associated with 5G network slicing.

Risk 134

Risk Security Cybersecurity 134