Krebs on Security

OCTOBER 17, 2023

Amir Golestan , the 40-year-old CEO of the Charleston, S.C. based technology company Micfo LLC , has been sentenced to five years in prison for wire fraud. Golestan’s sentencing comes nearly two years after he pleaded guilty to using an elaborate network of phony companies to secure more than 735,000 Internet Protocol (IP) addresses from the American Registry for Internet Numbers (ARIN), the nonprofit which oversees IP addresses assigned to entities in the U.S., Canada, and parts of the Ca

Marketing 301

Marketing Sales Government Security 301

Krebs on Security

OCTOBER 18, 2023

One of the oldest malware tricks in the book — hacked websites claiming visitors need to update their Web browser before they can view any content — has roared back to life in the past few months. New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain.

Blockchain 287

Blockchain Security awareness Security IT 287

Krebs on Security

OCTOBER 20, 2023

Okta , a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a “very small number” of customers, however it appears the hackers responsible had access to Okta’s support platform for at least two weeks before the company fully contained the intrusion.

Access 327

Access Archiving Authentication Security 327

Data Breach Today

OCTOBER 18, 2023

Qualys, Rapid7 Depart Forrester's Leaderboard as Data Ingestion Takes Center Stage Tenable held steady atop Forrester's vulnerability risk management rankings while Vulcan Cyber broke into the leaders category and Rapid7 and Qualys tumbled from the leaderboard. The way vendors deliver vulnerability management has shifted away from ingesting vulnerability assessment results.

Risk 336

Risk 336

Advertisement

With its unparalleled flexibility, rapid development and cost-saving capabilities, open source is proving time and again that it’s the leader in data management. But as the growth in open source adoption increases, so does the complexity of your data infrastructure. In this Analyst Brief developed with IDC, discover how and why the best solution to this complexity is a managed service, including: Streamlined compliance with some of the most complex regulatory guidelines Simplified operations, li

Compliance

Dark Reading

OCTOBER 16, 2023

No patch or workaround is currently available for the maximum severity flaw, which allows attackers to gain complete administrator privilege on affected devices remotely and without authentication.

Authentication 139

Authentication 139

Security Affairs

OCTOBER 14, 2023

The Lockbit ransomware gang claims to have hacked the technology services giant CDW and threatens to leak the stolen data. The technology services giant CDW announced it has launched an investigation into claims made by the Lockbit ransomware gang that added the company to the list of victims on its leak site. CDW Corporation is a provider of technology solutions and services for business, government and education.

Ransomware 128

Ransomware Archiving Cybersecurity Education 128

Data Breach Today

OCTOBER 20, 2023

BeyondTrust Says It Took Okta Nearly 3 Weeks to Confirm Breach It First Spotted A breach of Okta's support case management system using a stolen credential allowed attackers to access sensitive files uploaded by the identity security giant's customers. San Francisco-based Okta said the threat actor could view filed uploaded by certain customers as part of recent support cases.

Access 330

Access Security IT 330

Schneier on Security

OCTOBER 17, 2023

Online voting is insecure, period. This doesn’t stop organizations and governments from using it. (And for low-stakes elections, it’s probably fine.) Switzerland—not low stakes—uses online voting for national elections. Ed Appel explains why it’s a bad idea: Last year, I published a 5-part series about Switzerland’s e-voting system.

Paper 129

Paper Security Blockchain Cybersecurity 129

The Last Watchdog

OCTOBER 20, 2023

Vilnius, Lithuania, Oct. 20, 2023 — The UN Office on Drugs and Crime estimates that 5% of global GDP (£1.6 trillion) is laundered yearly , with increasing volumes of online data and the digitization of the economy making fraudsters more creative and difficult to catch. “Enterprises in the finance, banking, and telecommunications sectors are the most susceptible to online fraud, but it can happen to any company,” said Vaidotas Sedys , Head of Risk Management at Oxylabs.

Artificial Intelligence 100

Artificial Intelligence Big data Cybersecurity Cloud 100

Advertisement

The complexity of financial data, the need for real-time insight, and the demand for user-friendly visualizations can seem daunting when it comes to analytics - but there is an easier way. With Logi Symphony, we aim to turn these challenges into opportunities. Our platform empowers you to seamlessly integrate advanced data analytics, generative AI, data visualization, and pixel-perfect reporting into your applications, transforming raw data into actionable insights.

Analytics

Security Affairs

OCTOBER 16, 2023

Cisco warned customers of a critical zero-day vulnerability in its IOS XE Software that is actively exploited in attacks. Cisco warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited in attacks. The IT giant found the vulnerability during the resolution of multiple Technical Assistance Center (TAC) support cases.

Access 128

Access IT Security Information Security 128

Data Breach Today

OCTOBER 18, 2023

Pyongyang Hackers Exploiting Critical TeamCity Server Bug North Korean nation-state threat actors are exploiting a critical remote code execution vulnerability affecting multiple versions of a DevSecOps tool - a high-risk development, especially in light of Pyongyang hackers' recent track record of supply chain hacks.

Risk 317

Risk 317

Hunton Privacy

OCTOBER 19, 2023

On October 17, 2023, The First-tier Tribunal of the UK General Regulatory Chamber allowed an appeal by Clearview AI Inc (“Clearview”) against an enforcement notice and fine issued by the UK’s Information Commissioner’s Office (“ICO”). On May 18, 2022, the ICO issued an enforcement notice requiring that Clearview delete the personal data of UK individuals collected through the use of its facial recognition technology and held in its database (the “Notice”), as well as a fine of £7.5 million, alle

GDPR 123

GDPR Personal data Government IT 123

The Last Watchdog

OCTOBER 19, 2023

Bedford, Mass., Oct. 17, 2023 — NetWitness , a globally trusted provider of cybersecurity software and services, has today announced the 12.3 release of its award-winning NetWitness Intelligent Threat Detection and Response Platform. The latest update offers enterprises more visibility into cyber threats than ever before with passive discovery, categorization, and ranking of all network assets, which allows companies to best prioritize potential risks.

Analytics 100

Analytics Cloud Encryption Marketing 100

Advertisement

Adding high-quality entity resolution capabilities to enterprise applications, services, data fabrics or data pipelines can be daunting and expensive. Organizations often invest millions of dollars and years of effort to achieve subpar results. This guide will walk you through the requirements and challenges of implementing entity resolution. By the end, you'll understand what to look for, the most common mistakes and pitfalls to avoid, and your options.

IT

Security Affairs

OCTOBER 15, 2023

The Alphv ransomware group added the Morrison Community Hospital to its dark web leak site. Threat actors continue to target hospitals. The ALPHV/BlackCat ransomware group claims to have hacked the Morrison Community Hospital and added it to its dark web Tor leak site. The group claims to have stolen 5TB of patients’ and employee’s information, backups, PII documents, and more.

Ransomware 121

Ransomware Encryption Data breaches IT 121

Data Breach Today

OCTOBER 19, 2023

Aleksanteri Kivimäki Charged for the 2020 Leak of Mental Health Clinic Database The hacker who allegedly leaked mental health records online after breaking into a Helsinki-based psychotherapy chain's patient database has been charged with multiple counts of extortion and data leak in Finnish court. Finnish national Aleksanteri Tomminpoika Kivimäki, 26, has denied guilt.

310

310

Dark Reading

OCTOBER 19, 2023

The state-sponsored threat actors (aka APT34, Crambus, Helix Kitten, or OilRig) spent months seemingly taking whatever government data they wished, using never-before-seen tools.

Government 121

Government 121

WIRED Threat Level

OCTOBER 17, 2023

X is promoting Community Notes to solve its disinformation problems, but some former employees and people who currently contribute notes say it’s not fit for that purpose.

IT 121

IT Security 121

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

Artificial Intelligence

Security Affairs

OCTOBER 18, 2023

Google TAG reported that both Russia and China-linked threat actors are weaponizing the a high-severity vulnerability in WinRAR. Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. The researchers reported that several cybercrime groups began exploiting the flaw in early 2023, when the bug was still a zero-day.

Archiving 120

Archiving Security IT Data breaches 120

Data Breach Today

OCTOBER 19, 2023

APT34 Used Microsoft Exchange Server to Send Email Commands to Backdoor Malware Iranian state-sponsored hackers conducted an eight-month espionage campaign against a Middle Eastern government, compromising dozens of computers. The Crambus group exploited publicly available tools and three novel pieces of malware to access systems, maintain persistence and steal data.

Government 300

Government Access 300

Dark Reading

OCTOBER 18, 2023

The latest threat to Citrix NetScaler, CVE-2023-4966, was exploited as a zero-day bug for months before a patch was issued. Researchers expect exploitation efforts to surge.

122

122

KnowBe4

OCTOBER 20, 2023

As the digital landscape continues to evolve, so do the tactics of cybercriminals. The Hoxhunt Challenge , a comprehensive study conducted across 38 organizations spanning nine industries and 125 countries, has uncovered a disconcerting trend in the world of QR code phishing attacks.

Phishing 117

Phishing 117

Advertisement

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

Paper

Security Affairs

OCTOBER 20, 2023

More than 40,000 Cisco IOS XE devices have been compromised in attacks exploiting recently disclosed critical vulnerability CVE-2023-20198. Researchers from LeakIX used the indicators of compromise (IOCs) released by Cisco Talos and found around 30k Cisco IOS XE devices (routers, switches, VPNs) that were infected by exploiting the CVE-2023-20198. Most of the infected devices were in the United States, the Philippines, Chile, and Mexico.

Access 119

Access Security Cybersecurity IT 119

Data Breach Today

OCTOBER 19, 2023

Also: Navy IT Manager Sentenced to 5 Years in Prison for Accessing Database This week, Citrix's update was insufficient, a Navy IT manager was sentenced to prison for accessing a database, a Moldovan man pleaded not guilty to running a credentials marketplace, new details emerged on health data breaches, and a television advertising giant suffered a ransomware attack.

Data breaches 298

Data breaches Ransomware Access IT 298

Dark Reading

OCTOBER 17, 2023

Just a day after Cisco disclosed CVE-2023-20198, it remains unpatched, and one vendor says a Shodan scan shows at least 10,000 Cisco devices with an implant for arbitrary code execution on them. The vendor meanwhile has updated the advisory with more mitigation steps.

IT 121

IT 121

Imperial Violet

OCTOBER 17, 2023

Chrome 118 (which is rolling out to the Stable channel now) contains support for creating and accessing passkeys in iCloud Keychain. Firstly, I’d like to thank Apple for creating an API for this that browsers can use: it’s a bunch of work, and they didn’t have to. Chrome has long had support for creating WebAuthn credentials on macOS that were protected by the macOS Keychain and stored in the local Chrome profile.

Passwords 105

Passwords Metadata Access IT 105

Advertisement

In the fast-moving manufacturing sector, delivering mission-critical data insights to empower your end users or customers can be a challenge. Traditional BI tools can be cumbersome and difficult to integrate - but it doesn't have to be this way. Logi Symphony offers a powerful and user-friendly solution, allowing you to seamlessly embed self-service analytics, generative AI, data visualization, and pixel-perfect reporting directly into your applications.

Analytics

Security Affairs

OCTOBER 18, 2023

A vulnerability in Synology DiskStation Manager ( DSM ) could be exploited to decipher an administrator’s password. Researchers from Claroty’s Team82 discovered a vulnerability, tracked as CVE-2023-2729 (CVSS score 5.9), in Synology DiskStation Manager (DSM). Team82 discovered the use of a weak random number generator in Synology’s DiskStation Manager (DSM) Linux-based operating system running on the NAS products.

Passwords 119

Passwords Security IT Information Security 119

Data Breach Today

OCTOBER 18, 2023

While RARLabs Patched Flaw, 'Many Users' Don't Appear to Have Updated the Software Nation-state hackers are targeting a vulnerability in WinRAR, a popular Windows utility for archiving files, warns Google’s Threat Analysis Group, which said it has seen "government-backed hacking groups" who hail from multiple countries, including China and Russia, targeting the bug.

Archiving 297

Archiving Government IT 297

Dark Reading

OCTOBER 17, 2023

The move by the e-commerce kahuna to offer advanced authentication to its 300+ million users has the potential to move the needle on the technology's adoption, security experts say.

Authentication 118

Authentication Security IT 118