Krebs on Security

OCTOBER 17, 2023

Amir Golestan , the 40-year-old CEO of the Charleston, S.C. based technology company Micfo LLC , has been sentenced to five years in prison for wire fraud. Golestan’s sentencing comes nearly two years after he pleaded guilty to using an elaborate network of phony companies to secure more than 735,000 Internet Protocol (IP) addresses from the American Registry for Internet Numbers (ARIN), the nonprofit which oversees IP addresses assigned to entities in the U.S., Canada, and parts of the Ca

Security 293

Security Government Marketing Sales 293

Krebs on Security

OCTOBER 18, 2023

One of the oldest malware tricks in the book — hacked websites claiming visitors need to update their Web browser before they can view any content — has roared back to life in the past few months. New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency blockchain.

Blockchain 278

Blockchain Security Security awareness Access 278

Krebs on Security

OCTOBER 20, 2023

Okta , a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a “very small number” of customers, however it appears the hackers responsible had access to Okta’s support platform for at least two weeks before the company fully contained the intrusion.

Access 318

Access Security Archiving Information Security 318

Data Breach Today

OCTOBER 18, 2023

Qualys, Rapid7 Depart Forrester's Leaderboard as Data Ingestion Takes Center Stage Tenable held steady atop Forrester's vulnerability risk management rankings while Vulcan Cyber broke into the leaders category and Rapid7 and Qualys tumbled from the leaderboard. The way vendors deliver vulnerability management has shifted away from ingesting vulnerability assessment results.

Risk 327

Risk 327

Speaker: Dr. Greg Loughnane and Chris Alexiuk

Technology professionals developing generative AI applications are finding that there are big leaps from POCs and MVPs to production-ready applications. They're often developing using prompting, Retrieval Augmented Generation (RAG), and fine-tuning (up to and including Reinforcement Learning with Human Feedback (RLHF)), typically in that order. However, during development – and even more so once deployed to production – best practices for operating and improving generative AI applications are le

Data science

The Last Watchdog

OCTOBER 17, 2023

Cisco’s recent move to acquire SIEM stalwart Splunk for a cool $28 billion aligns with the rising urgency among companies in all sectors to better protect data — even as cyber threats intensify and disruptive advancements in AI add a wild card to this challenge. Related: Will Cisco flub Splunk? Cisco CEO Chuck Robbins hopes to boost the resiliency the network switching giant’s growing portfolio of security services.

Cloud 307

Cloud Security Analytics Big data 307

Dark Reading

OCTOBER 16, 2023

No patch or workaround is currently available for the maximum severity flaw, which allows attackers to gain complete administrator privilege on affected devices remotely and without authentication.

Authentication 139

Authentication 139

Data Breach Today

OCTOBER 20, 2023

BeyondTrust Says It Took Okta Nearly 3 Weeks to Confirm Breach It First Spotted A breach of Okta's support case management system using a stolen credential allowed attackers to access sensitive files uploaded by the identity security giant's customers. San Francisco-based Okta said the threat actor could view filed uploaded by certain customers as part of recent support cases.

Security 316

Security Access IT 316

The Last Watchdog

OCTOBER 18, 2023

The ubiquity of smart surveillance systems has contributed greatly to public safety. Related: Monetizing data lakes Image capture devices embedded far and wide in public spaces help deter crime as well as aid first responders — but they also stir rising concerns about an individual’s right to privacy. Enter attribute-based encryption ( ABE ) an advanced type of cryptography that’s now ready for prime time.

Encryption 265

Encryption Privacy Data breaches Cloud 265

Thales Cloud Protection & Licensing

OCTOBER 17, 2023

Cyber Security Awareness Month – Answering Google’s Most Commonly Asked Questions madhav Wed, 10/18/2023 - 05:25 This month is Cyber Security Awareness Month , highlighting how far security education needs to go in order to enable a secure interconnected world. Technology continues to improve our lives – but at the same time the risks continue to grow.

Security awareness 127

Security awareness Security Passwords Encryption 127

Speaker: Keith Kmett, Principal CX Advisor at Medallia

Join Keith Kmett, Principal CX Advisor, in this new webinar that will focus on: Understanding CX Orchestration Fundamentals: Gain a solid understanding of what CX orchestration is, its significance in the customer experience landscape, and how it plays a crucial role in shaping customer journeys. This includes the key concepts, strategies, and best practices involved in CX orchestration. 🔑 Connection to Customer Journey Maps: How to effectively integrate customer journey mapping into the

Customer Experience

Dark Reading

OCTOBER 19, 2023

The state-sponsored threat actors (aka APT34, Crambus, Helix Kitten, or OilRig) spent months seemingly taking whatever government data they wished, using never-before-seen tools.

Government 123

Government 123

Data Breach Today

OCTOBER 18, 2023

Pyongyang Hackers Exploiting Critical TeamCity Server Bug North Korean nation-state threat actors are exploiting a critical remote code execution vulnerability affecting multiple versions of a DevSecOps tool - a high-risk development, especially in light of Pyongyang hackers' recent track record of supply chain hacks.

Risk 307

Risk 307

The Last Watchdog

OCTOBER 16, 2023

Supply chain security grows more crucial daily as cybercriminals attempt to disrupt distribution and transportation. In response, industry professionals must automate their cybersecurity tools to stay ahead. Why so? The 2020 SolarWinds cybersecurity incident — which industry experts call the supply chain attack of the decade — was an incredibly high-profile breach affecting massive corporations.

Cybersecurity 148

Cybersecurity Data breaches Artificial Intelligence Security 148

Schneier on Security

OCTOBER 17, 2023

Online voting is insecure, period. This doesn’t stop organizations and governments from using it. (And for low-stakes elections, it’s probably fine.) Switzerland—not low stakes—uses online voting for national elections. Ed Appel explains why it’s a bad idea: Last year, I published a 5-part series about Switzerland’s e-voting system.

Security 125

Security Blockchain Paper Cybersecurity 125

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Cybersecurity

Security Affairs

OCTOBER 16, 2023

Cisco warned customers of a critical zero-day vulnerability in its IOS XE Software that is actively exploited in attacks. Cisco warned customers of a zero-day vulnerability, tracked as CVE-2023-20198 (CVSS score 10), in its IOS XE Software that is actively exploited in attacks. The IT giant found the vulnerability during the resolution of multiple Technical Assistance Center (TAC) support cases.

Security 125

Security Access Information Security IT 125

Data Breach Today

OCTOBER 19, 2023

APT34 Used Microsoft Exchange Server to Send Email Commands to Backdoor Malware Iranian state-sponsored hackers conducted an eight-month espionage campaign against a Middle Eastern government, compromising dozens of computers. The Crambus group exploited publicly available tools and three novel pieces of malware to access systems, maintain persistence and steal data.

Government 299

Government Access 299

The Last Watchdog

OCTOBER 20, 2023

Vilnius, Lithuania, Oct. 20, 2023 — The UN Office on Drugs and Crime estimates that 5% of global GDP (£1.6 trillion) is laundered yearly , with increasing volumes of online data and the digitization of the economy making fraudsters more creative and difficult to catch. “Enterprises in the finance, banking, and telecommunications sectors are the most susceptible to online fraud, but it can happen to any company,” said Vaidotas Sedys , Head of Risk Management at Oxylabs.

Cybersecurity 100

Cybersecurity Artificial Intelligence Phishing Cloud 100

Dark Reading

OCTOBER 18, 2023

The latest threat to Citrix NetScaler, CVE-2023-4966, was exploited as a zero-day bug for months before a patch was issued. Researchers expect exploitation efforts to surge.

123

123

Advertisement

There’s a good reason why Apache Cassandra® is quickly becoming the NoSQL database of choice for organizations of all stripes. In this white paper, discover the key use cases that make Cassandra® such a compelling open source software – and learn the important pitfalls to avoid. From understanding its distributed architecture to unlocking its incredible power for industries like healthcare, finance, retail and more, experience how Cassandra® can transform your entire data operations.

Retail

Security Affairs

OCTOBER 14, 2023

The Lockbit ransomware gang claims to have hacked the technology services giant CDW and threatens to leak the stolen data. The technology services giant CDW announced it has launched an investigation into claims made by the Lockbit ransomware gang that added the company to the list of victims on its leak site. CDW Corporation is a provider of technology solutions and services for business, government and education.

Ransomware 126

Ransomware Cybersecurity Security Archiving 126

Data Breach Today

OCTOBER 19, 2023

Aleksanteri Kivimäki Charged for the 2020 Leak of Mental Health Clinic Database The hacker who allegedly leaked mental health records online after breaking into a Helsinki-based psychotherapy chain's patient database has been charged with multiple counts of extortion and data leak in Finnish court. Finnish national Aleksanteri Tomminpoika Kivimäki, 26, has denied guilt.

296

296

The Last Watchdog

OCTOBER 19, 2023

Bedford, Mass., Oct. 17, 2023 — NetWitness , a globally trusted provider of cybersecurity software and services, has today announced the 12.3 release of its award-winning NetWitness Intelligent Threat Detection and Response Platform. The latest update offers enterprises more visibility into cyber threats than ever before with passive discovery, categorization, and ranking of all network assets, which allows companies to best prioritize potential risks.

Cloud 100

Cloud Encryption Cybersecurity Analytics 100

Dark Reading

OCTOBER 17, 2023

Just a day after Cisco disclosed CVE-2023-20198, it remains unpatched, and one vendor says a Shodan scan shows at least 10,000 Cisco devices with an implant for arbitrary code execution on them. The vendor meanwhile has updated the advisory with more mitigation steps.

IT 122

IT 122

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

WIRED Threat Level

OCTOBER 17, 2023

X is promoting Community Notes to solve its disinformation problems, but some former employees and people who currently contribute notes say it’s not fit for that purpose.

IT 121

IT Security 121

Data Breach Today

OCTOBER 19, 2023

Thousands of IT Workers Defrauded US Firms to Earn Hundreds of Millions of Dollars Thousands of North Korean IT workers hid their identities to earn hundreds of millions of dollars in IT contract work from overseas companies to help finance the country's weapons development program, U.S. and South Korean agencies said. Officials said to watch for workers who are camera-shy.

IT 291

IT 291

The Last Watchdog

OCTOBER 16, 2023

Vodnjan, Croatia, October 16, 2023 – Global cloud communications platform Infobip has identified five common frauds impacting mobile users in the messaging ecosystem. Infobip explains the security challenges enterprises and mobile network operators (MNOs) face in the application-to-person (A2P) messaging ecosystem. Company also explains its role as a co-guardian of the A2P ecosystem with MNOs, helping protect brands and mobile users with its firewall.

Security 100

Security Privacy Phishing Communications 100

Dark Reading

OCTOBER 20, 2023

If we really want to move the dial on security habits, it's time to think beyond phishing tests. Our panel of CISOs and other security heavy-hitters offer expert tips that go beyond the obvious.

Security 119

Security Phishing IT 119

Speaker: Steve Pappas

As businesses strive for success in an increasingly digitized world, delivering an exceptional customer experience has become paramount. To meet this demand, enterprises are embracing innovative approaches that captivate customers and fuel their loyalty. 💥 Enter conversational AI - an absolute game-changer (if done right) in redefining CX norms.

Customer Experience

Hunton Privacy

OCTOBER 19, 2023

On October 17, 2023, The First-tier Tribunal of the UK General Regulatory Chamber allowed an appeal by Clearview AI Inc (“Clearview”) against an enforcement notice and fine issued by the UK’s Information Commissioner’s Office (“ICO”). On May 18, 2022, the ICO issued an enforcement notice requiring that Clearview delete the personal data of UK individuals collected through the use of its facial recognition technology and held in its database (the “Notice”), as well as a fine of £7.5 million, alle

GDPR 117

GDPR Personal data Government Security 117

Data Breach Today

OCTOBER 19, 2023

Also: Navy IT Manager Sentenced to 5 Years in Prison for Accessing Database This week, Citrix's update was insufficient, a Navy IT manager was sentenced to prison for accessing a database, a Moldovan man pleaded not guilty to running a credentials marketplace, new details emerged on health data breaches, and a television advertising giant suffered a ransomware attack.

Data breaches 292

Data breaches Ransomware Access IT 292

Security Affairs

OCTOBER 20, 2023

More than 40,000 Cisco IOS XE devices have been compromised in attacks exploiting recently disclosed critical vulnerability CVE-2023-20198. Researchers from LeakIX used the indicators of compromise (IOCs) released by Cisco Talos and found around 30k Cisco IOS XE devices (routers, switches, VPNs) that were infected by exploiting the CVE-2023-20198. Most of the infected devices were in the United States, the Philippines, Chile, and Mexico.

Security 117

Security Cybersecurity Access Information Security 117