Sat.May 25, 2024 - Fri.May 31, 2024

article thumbnail

Is Your Computer Part of ‘The Largest Botnet Ever?’

Krebs on Security

The U.S. Department of Justice (DOJ) today said they arrested the alleged operator of 911 S5 , a ten-year-old online anonymity service that was powered by what the director of the FBI called “likely the world’s largest botnet ever.” The arrest coincided with the seizure of the 911 S5 website and supporting infrastructure, which the government says turned computers running various “free VPN” products into Internet traffic relays that facilitated billions of dollars i

Cloud 306
article thumbnail

Operation Endgame

Troy Hunt

Today we loaded 16.5M email addresses and 13.5M unique passwords provided by law enforcement agencies into Have I Been Pwned (HIBP) following botnet takedowns in a campaign they've coined Operation Endgame. That link provides an excellent over so start there then come back to this blog post which adds some insight into the data and explains how HIBP fits into the picture.

Passwords 132
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Advanced AI and end-to-end automation to accelerate IDP growth in 2024

Info Source

By Petra Beck, Senior Analyst, Software Practice at In fosource Later this year, In fosource will deliver an updated quantitative assessment for the Capture and In telligent Document Processing ( IDP ) market. But in the meantime, I have taken a qualitative look at the major trends expected to shape IDP market dynamics in 2024 and beyond. Generative artificial in telligence ( AI ) is the mega-trend behind most of the other trends we observe in IDP.

B2C 40
article thumbnail

Microsoft Warns of North Korea's 'Moonstone Sleet'

Data Breach Today

Pyongyang Threat Actor Is After Money and Information A North Korean hacking group wants to make money for the cash-starved Pyongyang regime and conduct bread-and-butter cyberespionage, say Microsoft researchers in a profile of a group they track as "Moonstone Sleet." North Korea has a well-established history of hacking for profit.

303
303
article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

'Operation Endgame' Hits Malware Delivery Platforms

Krebs on Security

Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware.

More Trending

article thumbnail

How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet

WIRED Threat Level

Thanks to a flaw in a decade-old version of the RoboForm password manager and a bit of luck, researchers were able to unearth the password to a crypto wallet containing a fortune.

Passwords 142
article thumbnail

Breach Roundup: Google AI Blunders Go Viral

Data Breach Today

Also: Okta Alert on Credential Stuffing; Data Breaches in Spain This week, Google AI search provided wrong answers, Internet Archive suffered DDos attack, Okta warned of credential stuffing, Canada shut down two tech firms, attackers delivered malware with Stack Overflow, Telefónica is probing breach, Iberdrola was breached and RansomHub said it hit Christie's.

article thumbnail

Treasury Sanctions Creators of 911 S5 Proxy Botnet

Krebs on Security

The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5 , an online anonymity service that for many years was the easiest and cheapest way to route one’s Web traffic through malware-infected computers around the globe. KrebsOnSecurity identified one of the three men in a July 2022 investigation into 911 S5, which was massively hacked and then closed ten days later.

Cloud 226
article thumbnail

RSAC Fireside Chat: Start-up Anetac rolls out a solution to rising ‘service accounts’ exposures

The Last Watchdog

From MFA to biometrics, a lot has been done to reinforce user ID and password authentication — for human users. Related: How weak service accounts factored into SolarWinds hack By comparison, almost nothing has been done to strengthen service accounts – the user IDs and passwords set up to authenticate all the backend, machine-to-machine connections of our digital world.

Passwords 130
article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

New ATM Malware family emerged in the threat landscape

Security Affairs

Experts warn of a new ATM malware family that is advertised in the cybercrime underground, it was developed to target Europe. A threat actor is advertising a new ATM malware family that claims to be able of compromised 99% of devices in Europe. The threat actor is offering the malware for $30,000, he claims that the “EU ATM Malware” is designed from scratch and that can also target approximately 60% of ATMs worldwide.

article thumbnail

Court Orders Optus to Release Data Breach Report to Lawyers

Data Breach Today

Class Action Law Firms Seek Access to Commissioned Deloitte Report Into Mega-Breach The Federal Court of Australia has rejected a request from telecommunications giant Optus to keep private a detailed digital forensic investigation report conducted by Deloitte into the massive data breach it suffered in 2022, exposing private information pertaining to nearly 10 million customers.

article thumbnail

The Unusual Espionage Act Case Against a Drone Photographer

WIRED Threat Level

In seemingly the first case of its kind, the US Justice Department has charged a Chinese national with using a drone to photograph a Virginia shipyard where the US Navy was assembling nuclear submarines.

IT 115
article thumbnail

RSAC Fireside Chat: Dispersive adapts WWII radio-signal masking tool to obfuscating network traffic

The Last Watchdog

Spread spectrum technology helped prevent the jamming of WWII radio-controlled torpedoes and subsequently became a cornerstone of modern-day telecom infrastructure. For its next act, could spread spectrum undergird digital resiliency? I had an evocative discussion about this at RSAC 2024 with Dispersive CEO Rajiv Plimplaskar. For a full drill down, please give the accompanying podcast a listen.

Military 130
article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-24919 Check Point Quantum Security Gateways Information Disclosure Vulnerability CVE-2024-1086 Linux Kernel Use-After-Free Vulnerability The vulnerability CVE-2024-24919 is a Quantum Gateway information disclosure

IT 113
article thumbnail

FBI Says It Dismantled 'Likely the World's Largest Botnet'

Data Breach Today

US-Led Operation Disrupts 911 S5 Botnet in Global Crackdown FBI Director Christopher Wray said the U.S. led an internationally coordinated effort to disrupt and dismantle what may be one of the world's largest malicious botnet services, which had accrued 19 million IP addresses by the time it was taken down and its primary administrator was arrested in May.

IT 276
article thumbnail

Criminals Abuse Cloud Storage Platforms to Host Phishing Sites

KnowBe4

Threat actors are abusing cloud storage platforms to host phishing sites that can more easily evade detection by security scanners, according to researchers at Enea. Criminals are exploiting numerous cloud services, including Google Cloud, AWS, IBM Cloud, and others.

Phishing 112
article thumbnail

GUEST ESSAY: Taking a systematic approach to achieving secured, ethical AI model development

The Last Watchdog

AI has the potential to revolutionize industries and improve lives, but only if we can trust it to operate securely and ethically. Related: The key to the GenAI revolution By prioritizing security and responsibility in AI development, we can harness its power for good and create a safer, more unbiased future. Developing a secured AI system is essential because artificial intelligence is a transformative technology, expanding its capabilities and societal influence.

article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

A high-severity vulnerability affects Cisco Firepower Management Center

Security Affairs

Cisco addressed a SQL injection vulnerability in the web-based management interface of the Firepower Management Center (FMC) Software. Cisco addressed a vulnerability, tracked as CVE-2024-20360 (CVSS score 8.8), in the web-based management interface of the Firepower Management Center (FMC) Software. The vulnerability is a SQL injection issue, an attacker can exploit the flaw to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privile

article thumbnail

Bitsight, SecurityScorecard, Panorays Lead Risk Ratings Tech

Data Breach Today

Automation, Improved Data Validation Reduce False Positives for Cyber Risk Ratings By improving data validation and incorporating automation, cyber risk ratings platforms are addressing trust issues and enhancing their role in third-party risk management. Bitsight and SecurityScorecard continue to lead the market, Forrester said, and Panorays became a leader.

Risk 260
article thumbnail

Supply Chain Attack against Courtroom Software

Schneier on Security

No word on how this backdoor was installed: A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. The software, known as the JAVS Viewer 8, is a component of the JAVS Suite 8 , an application package courtrooms use to record, play back, and manage audio and video from proceed

article thumbnail

Cybercriminals Target Hajj Pilgrims

KnowBe4

Criminals are launching a variety of scams targeting Muslims around the world who are planning on making the Hajj pilgrimage to Mecca, according to researchers at Resecurity.

Security 104
article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

article thumbnail

ShinyHunters is selling data of 30 million Santander customers

Security Affairs

The threat actor ShinyHunters claims breach of Santander and is offering for sale bank data, including information for 30 million customers. A notorious threat actor ShinyHunters is offering a huge trove of data allegedly stolen from the Santander Bank for sale. ShinyHunters claims to have stolen information for 30 million customers, employees, and bank account data.

Sales 109
article thumbnail

European Police Take Down Botnet Servers, Make Arrests

Data Breach Today

'Operation Endgame' Disrupted 5 Botnets Including IcedID and SmokeLoader An international law enforcement operation resulted in the arrests of four botnet operators and the seizure of more than 100 servers used as infrastructure for malware dropper botnets. Armenian police arrested one person and Ukrainian police arrested three. German police are seeking eight suspects.

243
243
article thumbnail

High Resolution Scanning

Record Nations

High resolution scanning is a specific type of professional digitization that scans images to 600 dots per inch (DPI) and higher. This kind of scanning can be used for many different kinds of images, objects, and documents. Scanning documents at a higher resolution means that they are clearer and have more detail, which may be. High Resolution Scanning The post High Resolution Scanning appeared first on Record Nations.

article thumbnail

China Threat Actor Targeting African and Caribbean Entities With Spear Phishing Attacks

KnowBe4

The China-aligned threat actor “Sharp Dragon” is launching spear phishing attacks against government entities in African and Caribbean countries, according to researchers at Check Point.

Phishing 102
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Experts released PoC exploit code for RCE in Fortinet SIEM

Security Affairs

Researchers released a proof-of-concept (PoC) exploit for remote code execution flaw CVE-2024-23108 in Fortinet SIEM solution. Security researchers at Horizon3’s Attack Team released a proof-of-concept (PoC) exploit for a remote code execution issue, tracked as CVE-2024-23108 , in Fortinet’s SIEM solution. The PoC exploit allows executing commands as root on Internet-facing FortiSIEM appliances.

article thumbnail

RedTail Cryptomining Malware Exploits PAN-OS Vulnerability

Data Breach Today

Threat Actors Mirror the Tactics of North Korea's Lazarus Group Cryptomining malware that might be North Korean in origin is targeting edge devices, including a zero-day in Palo Alto Networks' custom operating system that the company hurriedly patched in April. It appears threat actors operate their own mining pools or pool proxies rather than using public ones.

Mining 183
article thumbnail

Responsible AI can revolutionize tax agencies to improve citizen services

IBM Big Data Hub

The new era of generative AI has spurred the exploration of AI use cases to enhance productivity, improve customer service, increase efficiency and scale IT modernization. Recent research commissioned by IBM® indicates that as many as 42% of surveyed enterprise-scale businesses have actively deployed AI, while an additional 40% are actively exploring the use of AI technology.