Sat.Jan 21, 2023 - Fri.Jan 27, 2023

article thumbnail

Ransomware Profits Dip as Fewer Victims Pay Extortion

Data Breach Today

As Funding From Ransoms Goes Down, Gangs Embrace Re-Extortion, Researchers Warn Bad news for ransomware groups: Experts find it's getting tougher to earn a crypto-locking payday at the expense of others. The bad guys can blame a move by law enforcement to better support victims, and more organizations having robust defenses in place, which makes them tougher to take down.

article thumbnail

Experian Glitch Exposing Credit Files Lasted 47 Days

Krebs on Security

On Dec. 23, 2022, KrebsOnSecurity alerted big-three consumer credit reporting bureau Experian that identity thieves had worked out how to bypass its security and access any consumer’s full credit report — armed with nothing more than a person’s name, address, date of birth, and Social Security number. Experian fixed the glitch, but remained silent about the incident for a month.

Mining 294
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft to Block Excel Add-ins to Stop Office Exploits

Dark Reading

The company will block the configuration files, which interact with Web applications — since threat actors increasingly use the capability to install malicious code.

129
129
article thumbnail

North Korean Crypto Hackers Keep Nose to the Grindstone

Data Breach Today

TA444 Is Adaptable and Hard-Working, Say Proofpoint Researchers A North Korean hacking group tracked by cybersecurity firm Proofpoint as TA444 in December unleashed a torrent of spam in a bid to harvest credentials - evidence of a hacking group that mirrors "startup culture in its devotion to the dollar and to the grind.

article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

Administrator of RSOCKS Proxy Botnet Pleads Guilty

Krebs on Security

Denis Emelyantsev , a 36-year-old Russian man accused of running a massive botnet called RSOCKS that stitched malware into millions of devices worldwide, pleaded guilty to two counts of computer crime violations in a California courtroom this week. The plea comes just months after Emelyantsev was extradited from Bulgaria, where he told investigators, “America is looking for me because I have enormous information and they need it.

IoT 220

More Trending

article thumbnail

Cybercriminals Use VSCode Extensions as New Attack Vector

eSecurity Planet

Microsoft’s Visual Studio Code integrated development environment (IDE) is used by as much as 75% of developers, so any security issue has widespread implications. And Aqua Nautilus researchers have discovered a big one. The researchers reported earlier this month that the VSCode editor could be vulnerable to attacks targeting its extensions. The free open source and cross-platform IDE is very easy to use, and there are literally thousands of free extensions developers can install in one c

Marketing 131
article thumbnail

Reported Data Breaches in US Reach Near-Record Highs

Data Breach Today

1,802 Breach Notifications Issued in 2022; Over 440 Million Individuals Affected Data breaches in 2022 hit near-record levels as U.S. organizations issued 1,802 data breach notifications and more than 400 million individuals were affected. But only 34% of breach notifications included actionable information for consumers whose information was exposed.

article thumbnail

Unpacking ChatGPT for the Information Management Industry

AIIM

Take a deep breath. This is another article about ChatGPT and Generative AI. I'll be honest. I am the type of person that struggles to resist a good hype cycle. In 2021, I couldn't stop talking about the metaverse. I even organized a half-day workshop on the metaverse, with part of the event held in the metaverse. It was very meta. I have learned to temper my enthusiasm with analysis, though.

Marketing 104
article thumbnail

Kevin Mitnick Hacked California Law in 1983

Schneier on Security

Early in his career, Kevin Mitnick successfully hacked California law. He told me the story when he heard about my new book , which he partially recounts his 2012 book, Ghost in the Wires. The setup is that he just discovered that there’s warrant for his arrest by the California Youth Authority, and he’s trying to figure out if there’s any way out of it.

Libraries 125
article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

Threat Groups Distributing Malware via Google Ads

eSecurity Planet

Security researchers are warning that Google Ads are being actively leveraged to distribute malware to unsuspecting victims searching for software downloads. On January 20, CronUp researcher Germán Fernández warned that the DEV-0569 ransomware group is using Google Ads to distribute Gozi/Ursnif malware, RedLine stealer, and Royal ransomware. “For deployment, they use Add-MpPreference to configure exclusions in Windows Defender (extensions, paths and processes), NSudo to launch binaries wit

article thumbnail

FBI Seizes Hive Ransomware Servers in Multinational Takedown

Data Breach Today

Agents Infiltrated Hive in July 2022: 'We Hacked the Hackers,' Says DOJ Official The FBI penetrated the network of the Hive ransomware group, which has a history of attacking hospitals. A multinational operation seized the ransomware-as-a-service group's leak site and two servers located in Los Angeles. U.S. law enforcement said an investigation is ongoing.

article thumbnail

ChatGPT Doesn’t Get Writer’s Block. Discuss.

John Battelle's Searchblog

Photo by Florian Klauer on Unsplash How long have I been staring at a blank screen, this accusing white box, struggling to compose the first sentence of a post I know will be difficult to write? About two minutes, actually, but that’s at least ten times longer than ChatGPT takes to compose a full page. And it’s those two minutes – and the several days I struggled with this post afterwards – that convince me that ChatGPT will not destroy writing.

Education 115
article thumbnail

What Are You Doing for Data Protection Day?

IT Governance

Data protection is something that affects almost everything that we do. From checking our phones first thing in the morning to logging in at work, from high-street shopping to monitoring our biometric data at the gym, we are constantly handing over our personal information. Although many of us are broadly aware of the risks involved when sharing this data, we don’t fully grasp the ramifications – nor do we realise there are ways we can better protect our personal information.

article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

EDPB Publishes Report of Outcome of the Cookie Banner Taskforce

Hunton Privacy

On January 18, 2023, the European Data Protection Board (“EDPB”) published its Report on the work undertaken by the Cookie Banner Taskforce (the “Report”). The positions reflected in the Report result from the coordinated response of EU data protection authorities (“DPAs”) to the complaints filed by the non-governmental organization co-founded by privacy activist Max Schrems, None of Your Business (“NOYB”), that related to the requirements of cookie banners in the EU.

GDPR 111
article thumbnail

North Korean Hackers Attacked Horizon, Confirms FBI

Data Breach Today

Lazarus Group, APT38 Stole $100M From the Blockchain Bridge in June North Korea's Lazarus Group was behind the $100 million theft from the Horizon blockchain bridge, the U.S. federal government confirmed. The FBI vowed "to expose and combat North Korea's use of illicit activities - including cybercrime and virtual currency theft - to generate revenue.

article thumbnail

Hackers Use RMM Software to Breach Federal Agencies

eSecurity Planet

Cybercriminals recently breached U.S. federal agencies using remote monitoring and management (RMM) software as part of a widespread campaign. The malicious campaign began in June 2022 or earlier and was detected a few months later, according to an advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC).

Phishing 108
article thumbnail

How Noob Website Hackers Can Become Persistent Threats

Dark Reading

An academic analysis of website defacement behavior by 241 new hackers shows there are four clear trajectories they can take in future, researchers say.

118
118
article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

No-Fly List Exposed

Schneier on Security

I can’t remember the last time I thought about the US no-fly list: the list of people so dangerous they should never be allowed to fly on an airplane, yet so innocent that we can’t arrest them. Back when I thought about it a lot, I realized that the TSA’s practice of giving it to every airline meant that it was not well protected, and it certainly ended up in the hands of every major government that wanted it.

article thumbnail

North Korean Crypto Hackers Keep Nose to the Grind

Data Breach Today

TA444 Is Adaptable and Hard Working Say Proofpoint Researchers A North Korean hacking group tracked by cybersecurity firm Proofpoint as TA444 unleashed in December a torrent of spam in a bid to harvest credentials - evidence of a hacking group that mirrors "startup culture in its devotion to the dollar and to the grind.

article thumbnail

CNIL Fines TikTok 5 Million Euros Over Cookie Infringements

Hunton Privacy

On January 12, 2023, the French Data Protection Authority (the “CNIL”) announced a €5,000,000 fine for the social network TikTok for violations of applicable cookie rules. The fine was imposed at the end of 2022. Background The CNIL carried out several investigations of TikTok’s website (but not its mobile app) between May 2020 and June 2022. Following these investigations, the CNIL concluded that TikTok Information Technologies UK Limited and TikTok Technology Limited had failed to comply with

article thumbnail

7 Insights From a Ransomware Negotiator

Dark Reading

The rapid maturation and rebranding of ransomware groups calls for relentless preparation and flexibility in response, according to one view from the trenches.

article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

article thumbnail

IT Governance Podcast 2023-2: Mailchimp, fast food, T-Mobile, ice rinks, iOS update and ISO 27001

IT Governance

This week, we discuss the fallout from the latest Mailchimp breach, a ransomware attack on KFC, Pizza Hut and Taco Bell’s parent company, another T-Mobile data breach, an incident affecting Planet Ice, and an update for older Apple devices. We also talk to the ISO 27001 expert Steve Watkins about his new pocket guide to the Standard. Now available on Spotify , Amazon Music , Apple Podcasts and SoundCloud.

article thumbnail

2 Hacks Involving Mental Health Data Affected Nearly 400,000

Data Breach Today

Includes Ransomware Attack on Social Services Provider, Email Hack on Behavioral Health Entity Two hacking breaches - one at a non-profit provider of foster care, mental health and substance treatment services, and the other at a provider of behavioral health services - have affected sensitive information of nearly 400,000 individuals.

article thumbnail

Cybercrime The World’s Third Largest Economy After the U.S. and China

KnowBe4

Cybersecurity Ventures released a new report that showed cybercrime is going to cost the world $8 trillion USD in 2023.

article thumbnail

TSA No-Fly List Snafu Highlights Risk of Keeping Sensitive Data in Dev Environments

Dark Reading

A Swiss hacker poking around in an unprotected Jenkins development server belonging to CommuteAir accessed the names and birthdates of some 1.5 million people on a TSA no-fly list from 2019.

Risk 106
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Beware: Images, Video Shared on Signal Hang Around

The Security Ledger

A researcher is warning that photos and video files shared in Signal chats may be hanging around on devices, even when they deleted the messages in which the images were shared. The post Beware: Images, Video Shared on Signal Hang Around appeared first on The Security Ledger with Paul F. Roberts. Related Stories IoCs vs. EoCs: What’s the difference and why should you care?

article thumbnail

Microsoft Security Sales Hit $20B as Consolidation Increases

Data Breach Today

Growing Empire: Microsoft's Security Revenue Up 33% Since 2021, 100% Since 2020 The world's largest cybersecurity vendor continues to pull away from the competition, with Microsoft's security sales surpassing $20 billion in 2022 after 33% annual growth. The cloud computing and software giant continues to reap the rewards of security tool consolidation.

Sales 200
article thumbnail

Frictionless Ediscovery: Reducing Context Switching in Your Workflow

Hanzo Learning Center

Let’s face it, if litigation is imminent and you’re preparing for the discovery process, friction has already taken place between opposing parties. But that’s not what I mean when I’m talking about “frictionless ediscovery.

IT 98