Sat.Sep 09, 2023 - Fri.Sep 15, 2023

article thumbnail

GUEST ESSAY: The timing is ripe to instill trust in the open Internet — and why this must get done

The Last Watchdog

In today’s digital age, trust has become a cornerstone of building a better Internet. Preserving privacy for a greater good The Internet was designed as a platform for peer research, not for the vast scale and diverse uses we see today. Over the decades, it’s grown in a way that has left it with many inherent vulnerabilities. These vulnerabilities, not borne out of malice, were the result of choices made with limited information available at the time.

Mining 250
article thumbnail

Big MGM Resorts Outage Traces to Ransomware, Researchers Say

Data Breach Today

Alphv/BlackCat Group Reportedly Hit Casino Operator via Social Engineering Attack Booking and reservation systems, as well as slot machines, hotel room door locks, ATMs and more remain offline at multiple MGM Resorts properties as the publicly traded casino hotel giant battles "a cybersecurity issue" that one group of security researchers has tied to a ransomware group attack.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

FBI Hacker Dropped Stolen Airbus Data on 9/11

Krebs on Security

In December 2022, KrebsOnSecurity broke the news that a cybercriminal using the handle “ USDoD ” had infiltrated the FBI ‘s vetted information sharing network InfraGard , and was selling the contact information for all 80,000 members. The FBI responded by reverifying InfraGard members and by seizing the cybercrime forum where the data was being sold.

Passwords 317
article thumbnail

A New Records Strategy for the US Department of Defense

AIIM

Navy Petty Officer1st Class Rholanda Tucker, assigned to the "Blacklions" of Strike Fighter Squadron 213, conducts routine maintenance on a 20mm gun from an F/A-18F Super Hornet in the hangar bay of the aircraft carrier USS Gerald R. Ford in the Adriatic Sea, July 16, 2023. The Gerald R. Ford Carrier Strike Group is on a scheduled deployment in the U.S.

article thumbnail

Customer Experience Management: Optimizing Your Strategy for Financial Success

Speaker: Diane Magers, Founder and Chief Experience Officer at Experience Catalysts

In the world of business, connecting the dots from experience to financial impact is an essential skill. Transforming customer engagement, Voice of Customer (VoC) insights, and Journey Maps into tangible financial outcomes poses a significant challenge for most organizations. To gain buy-in from the C-Suite and key stakeholders, it’s crucial to illustrate how Experience Management translates into clear, measurable business results.

article thumbnail

Black Hat Fireside Chat: The impactful role crowdsourced security intelligence must play

The Last Watchdog

From Kickstarter to Wikipedia, crowdsourcing has become a part of everyday life. Sharing intel for a greater good Now one distinctive type of crowdsourcing — ethical hacking – is positioned to become a much more impactful component of securing modern networks. I had a terrific discussion about this at Black Hat USA 2023 with Casey Ellis, founder and CTO of Bugcrowd , a pioneer in the crowdsourced security market.

Security 194

More Trending

article thumbnail

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Krebs on Security

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe , Google Chrome and Apple iOS users may have their own zero-day patching to do. On Sept. 7, researchers at Citizen Lab warned they were seeing active exploitation of a “zero-click,” zero-day flaw to install spyware on iOS devices without any interaction from the victim. 

article thumbnail

Okta Flaw Involved in MGM Resorts Breach, Attackers Claim

Dark Reading

ALPHV/BlackCat ransomware operators have used their leak site to "set the record straight" about the MGM Resorts cyberattack. Meanwhile, more attacks abusing Okta could be likely.

article thumbnail

GUEST ESSAY: Robust data management can prevent theft, guard intellectual property

The Last Watchdog

In an era of global economic uncertainty, fraud levels tend to surge, bringing to light the critical issue of intellectual property (IP) theft. Related: Neutralizing insider threats This pervasive problem extends beyond traditional notions of fraud, encompassing both insider threats and external risks arising from partnerships, competitors, and poor IP management.

MDM 191
article thumbnail

Root Admin User: When Do Common Usernames Pose a Threat?

Data Breach Today

Honeypot Hits Reinforce Need for Strong Passwords and Multifactor Authentication Honeypot data collected by CISO Jesse La Grew highlights how attackers continue to target default usernames - including for SSH - together with weak passwords to gain brute force remote access to their targets. Here are essential username, password and remote service practices for combating such attacks.

Honeypots 293
article thumbnail

How to Stay Competitive in the Evolving State of Martech

Marketing technology is essential for B2B marketers to stay competitive in a rapidly changing digital landscape — and with 53% of marketers experiencing legacy technology issues and limitations, they’re researching innovations to expand and refine their technology stacks. To help practitioners keep up with the rapidly evolving martech landscape, this special report will discuss: How practitioners are integrating technologies and systems to encourage information-sharing between departments and pr

article thumbnail

New HijackLoader malware is rapidly growing in popularity in the cybercrime community

Security Affairs

Zscaler ThreatLabz detailed a new malware loader, named HijackLoader, which has grown in popularity over the past few months HijackLoader is a loader that is gaining popularity among the cybercriminal community. The malware is not sophisticated, however, unlike other loaders, it has a modular structure that allows supporting code injection and execution.

Security 129
article thumbnail

'Scattered Spider' Behind MGM Cyberattack, Targets Casinos

Dark Reading

The ransomware group is a collection of young adults who also recently breached Caesars Entertainment and made a ransom score in the tens of millions.

article thumbnail

China-Linked Hackers Breached a Power Grid—Again

WIRED Threat Level

Signs suggest the culprits worked within a notorious Chinese hacker group that may have also hacked Indian electric utilities years earlier.

Security 144
article thumbnail

China Denies Banning Government Use of Apple iPhones

Data Breach Today

China Cites Apple Security Flaws in Warning to Foreign Mobile Device Manufacturers China hasn't ordered any restrictions on the use of Apple iPhones by government agencies, according to a Chinese government spokesperson, but the official cited recent security flaws in the iPhone and warned that foreign mobile device manufacturers must abide by domestic information security laws.

article thumbnail

The Essential Guide to Analytic Applications

Embedding dashboards, reports and analytics in your application presents unique opportunities and poses unique challenges. We interviewed 16 experts across business intelligence, UI/UX, security and more to find out what it takes to build an application with analytics at its core. No matter where you are in your analytics journey, you will learn about emerging trends and gather best practices from product experts.

article thumbnail

Rhysida Ransomware gang claims to have hacked three more US hospitals

Security Affairs

Rhysida Ransomware group added three more US hospitals to the list of victims on its Tor leak site after the PROSPECT MEDICAL attack. Recently the Rhysida ransomware group made the headlines because it announced the hack of Prospect Medical Holdings and the theft of sensitive information from the organization. In early August, a cyberattack disrupted the computer systems of multiple hospitals operated by Prospect Medical Holdings , which are located in multiple states, including California, Tex

article thumbnail

DoD: China's ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage

Dark Reading

Escalating incursions into military base infrastructure, telecom networks, utilities, and more signal that Beijing is laying the groundwork for mass disruption.

Military 120
article thumbnail

News Alert: Traceable AI report exposes true scale of API-related data breaches, top challenges

The Last Watchdog

San Francisco, Calif. — Traceable AI, the industry’s leading API security company, today released its comprehensive research report – the 2023 State of API Security: A Global Study on the Reality of API Risk. Despite APIs being critical to the modern enterprise, until now, there has not been an extensive, global study offering a panoramic view of the API security landscape.

article thumbnail

DOD Cyber Strategy Aims to Disrupt Hackers, Deepen Ally Work

Data Breach Today

Defense Department Will Conduct Defensive Ops on Internal Network, Invest in People The Defense Department's updated cyber strategy calls for disrupting malicious actors and boosting the cyber capabilities of U.S. allies to take on Chinese threats to critical infrastructure. Defense officials also plan to conduct defensive operations to protect the department's information network.

268
268
article thumbnail

1st, 2nd, and 3rd Party Intent Data: Which Is Right for You?

How do 1st, 2nd, and 3rd party intent data compare? 1st, 2nd, and 3rd party data each have specific advantages and disadvantages. It comes down to four factors: accuracy, cost, control and quantity. This infographic explains the pros and cons of each and helps you understand which one is best for meeting your business objectives. Intent data can be a great way to fill your pipeline and close more deals.

article thumbnail

Akamai prevented the largest DDoS attack on a US financial company

Security Affairs

Akamai announced it has mitigated the largest distributed denial-of-service (DDoS) attack on a U.S. financial company. Cybersecurity firm Akamai successfully identified and prevented a massive distributed denial-of-service (DDoS) attack targeting an unnamed, leading American financial institution. The attack took place last week and the malicious traffic peaked at 633.7 gigabits per second.

article thumbnail

Cybersecurity Skills Gap: Roadies & Gamers Are Untapped Talent

Dark Reading

Gamers and former sound engineers and roadies can help boost the cybersecurity talent pool. Their flexible mindset and attention to detail make them valuable resources.

article thumbnail

No Dice for MGM Las Vegas as It Battles Fallout from Ransomware Attack After a 10-minute Vishing Scam

KnowBe4

Four days later, $52 million in lost revenues and counting, a cyber attack on MGM Resorts International, a $14 billion Las Vegas gaming empire with Hollywood-famous hotel spreads like the Bellagio, Cosmopolitan, E xcalibur, Luxor, and the MGM Grand itself, had the house brought down by a perfect example of vishing …a 10-minute phone call.

article thumbnail

Lessons to Learn From Clop's MOVEit Supply-Chain Attacks

Data Breach Today

Data Minimization and Encryption Mitigate Fallout, Says FS-ISAC's Teresa Walsh The Clop ransomware group's zero-day attack on MOVEit software was its fourth data theft campaign targeting secure file transfer users. Organizations can combat such attacks by using data minimization and encryption - among other defenses, says Teresa Walsh, global head of intelligence for FS-ISAC.

article thumbnail

How to Create Unique Customer Journeys to Optimize Business Outcomes

Speaker: Shawn Phillips, CCXP, Head of Growth and Innovation

A one-size-fits-all approach is a great approach – if it’s 2010. With the growth of AI, customers expect – and often demand – a customer journey based on their unique needs and history with your brand. Advanced platforms enable you to move beyond simple personalization or mass customization to create truly unique customer journeys that optimize outcomes for both your customers and your brand.

article thumbnail

Mozilla fixed a critical zero-day in Firefox and Thunderbird

Security Affairs

Mozilla addressed a critical zero-day vulnerability in Firefox and Thunderbird that has been actively exploited in attacks in the wild. Mozilla rolled out security updates to address a critical zero-day vulnerability, tracked as CVE-2023-4863 , in Firefox and Thunderbird that has been actively exploited in the wild. The vulnerability is a heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187, The vulnerability allowed a remote attacker to perform an out-of-bounds memory write via

Security 121
article thumbnail

Cuba Ransomware Gang Continues to Evolve With Dangerous Backdoor

Dark Reading

The Russian-speaking ransomware gang continues to update its tactics while managing to steal highly sensitive information from its victims.

article thumbnail

Phishing Scammers are Using Artificial Intelligence To Create Perfect Emails

KnowBe4

Phishing attacks have always been detected through broken English, but now generative artificial intelligence (AI) tools are eliminating all those red flags. OpenAI ChatGPT, for instance, can fix spelling mistakes, odd grammar, and other errors that are common in phishing emails.

article thumbnail

Critical Considerations for Generative AI Use in Healthcare

Data Breach Today

Generative AI holds great potential for many amazing applications in healthcare, but it's critical to establish a strong framework before deploying it, said Barbee Mooneyhan, vice president of security, IT and privacy of Woebot Health, a provider of AI-driven online mental health services.

Privacy 277
article thumbnail

ABM Evolution: How Top Marketers Are Using Account-Based Strategies

In times of economic uncertainty, account-based strategies are essential. According to several business analysts and practitioners, ABM is a necessity for creating more predictable revenue. Research shows that nearly three-quarters of marketers (74%) already have the resources needed to build successful ABM programs.

article thumbnail

Microsoft September 2023 Patch Tuesday fixed 2 actively exploited zero-day flaws

Security Affairs

Microsoft September 2023 Patch Tuesday addressed 59 new flaws, including two vulnerabilities under active attack. Microsoft September 2023 Patch Tuesday security updates addressed 59 vulnerabilities, including two actively exploited zero-day. The flaws addressed by the company impact Microsoft Windows and Windows Components; Exchange Server; Office and Office Components; NET and Visual Studio; Azure; Microsoft Dynamics; and Windows Defender.

Security 121
article thumbnail

Professional Sports: The Next Frontier of Cybersecurity?

Dark Reading

Sports teams, major leagues, global sporting associations, and entertainment venues are all home to valuable personal and business data. Here's how to keep them safe.

article thumbnail

Cybercriminals Selling "Golden Tickets" to Phish Microsoft 365. $500,000 in Sales in 10 Months

KnowBe4

In the movie, "Willy Wonka and the Chocolate Factory," kids unwrap chocolate bars in hopes of winning a golden ticket, giving the holder an inside tour of the sugar factory. The W3LL store is selling advanced phishing kits – a golden ticket for hacking Microsoft 365 accounts -- that can bypass multi-factor authentication (MFA) no less.

Phishing 116