Sat.Apr 30, 2022 - Fri.May 06, 2022

article thumbnail

Ukraine and Romania Suffer Large Scale DDoS Attacks

Data Breach Today

Killnet Claims Responsibility for Targeting Romanian Authorities The Computer Emergency Response Team of Ukraine, along with the National Bank of Ukraine, are warning of massive DDoS attacks against pro-Ukrainian targets. The intelligence service in Romania, SRI, also warns of a similar type of attack targeting sites belonging to its national authorities.

IT 361
article thumbnail

SolarWinds Attackers Gear Up for Typosquatting Attacks

Dark Reading

The same infrastructure traced back to Russian-speaking threat group Nobelium is being used to set up misspelled domain names, presaging impersonation attacks bent on credential harvesting, analysts say.

131
131
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

IoT and Cybersecurity: What’s the Future?

Security Affairs

IoT gizmos make our lives easier, but we forget that these doohickeys are IP endpoints that act as mini-radios. They continuously send and receive data via the internet and can be the easiest way for a hacker to access your home network. IoT devices can spy on people, steal data, or bring down vast swathes of the internet, as happened in 2016 when Mirai malware infiltrated devices such as baby monitors and refrigerators and locked them into a botnet for the Dyn cyberattack.

IoT 122
article thumbnail

Russia to Rent Tech-Savvy Prisoners to Corporate IT?

Krebs on Security

Image: Proxima Studios, via Shutterstock. Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies.

IT 282
article thumbnail

Apache Cassandra® NoSQL for the Relational DBA

Unleash the power of NoSQL with "Apache Cassandra® NoSQL for the Relational DBA." Learn from Lewis DiFelice, an experienced Professional Services Consultant at Instaclustr, as he shares his journey transitioning from SQL to managing a 40-node Cassandra cluster. Gain insights into Cassandra's architecture, configuration strategies, and best practices.

article thumbnail

Phisher Jailed After Tricking Pentagon Out of $24 Million

Data Breach Today

California Resident Found Guilty on Total of 6 Criminal Counts Sercan Oyuntur, a 40-year-old California resident, has been found guilty of stealing payments of over $23 million from the U.S. Department of Defense, according to the U.S. Department of Justice. The stolen payment was meant for DOD's jet fuel suppliers.

343
343

More Trending

article thumbnail

Market Leading Cybersecurity and National Security Lawyers David Lashway and John Woods Join Sidley in Washington, D.C.

Data Matters

Washington, D.C. – Sidley announced today that David Lashway and John Woods have joined as partners in the firm’s Privacy and Cybersecurity practice in Washington, D.C. Mr. Lashway and Mr. Woods join Sidley from Baker McKenzie where they started and led the global cybersecurity practice group for over 10 years. “David and John’s industry leading knowledge and global experience provide a rare viewpoint of the current geopolitical risks in the world today and will have an immediate and positive im

article thumbnail

North Carolina Becomes First State to Prohibit Public Entities from Paying Ransoms

Hunton Privacy

On April 5, 2022, North Carolina became the first state in the U.S. to prohibit state agencies and local government entities from paying a ransom following a ransomware attack. North Carolina’s new law, which was passed as part of the state’s 2021-2022 budget appropriations , prohibits government entities from paying a ransom to an attacker who has encrypted their IT systems and subsequently offers to decrypt that data in exchange for payment.

article thumbnail

How Russia-Ukraine Is Intensifying Healthcare Cyber Worries

Data Breach Today

John Riggi and Carolyn Crandall Discuss the Top Threats John Riggi, national adviser for cybersecurity at the American Hospital Association, and Carolyn Crandall, chief security advocate at Attivo Networks, explain why threats involving the Russia-Ukraine war are exacerbating cybersecurity pressures on healthcare sector entities in the U.S. and globally.

article thumbnail

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

Ransomware? I think you may have heard of it, isn’t the news full of it? Well, the stats are even scarier with over 50% increase in ransomware attacks in 2021, compared to 2020. Related: Make it costly for cybercriminals. The media paid close attention to ransomware attacks last year, as they had a significant impact on Colonial Pipeline, the nation’s largest fuel distributor, and JBS, the nation’s largest meat distributor.

article thumbnail

Finding The Application Modernization Strategy That Is Right For Your Business

As a business leader, you know it's important to update your apps, but it can be tough to figure out the best approach. This whitepaper helps you in upgrading your current applications using modernization strategies without any business disruptions.

article thumbnail

Why so many schools prefer Apple

Jamf

Yes; Apple devices have a lower cost of ownership when compared to other technology in the classroom. But it’s not just about the bottom line. Apple devices better prepare schools for remote education, improve digital literacy and teach students skills that will be required in tomorrow’s workplace.

Education 137
article thumbnail

How to Create a Cybersecurity Mentorship Program

Dark Reading

As the talent shortage rages on, companies have found mentorship programs to be one of the best ways to obtain the security skills they need to develop their existing teams.

article thumbnail

Connecticut Becomes 5th US State to Get Data Privacy Law

Data Breach Today

Rules Similar to Privacy Laws Passed in California, Colorado, Virginia and Utah Connecticut has just become the fifth U.S. state to get a comprehensive data privacy and online monitoring law, as Senate Bill No. 6 passed into law on Wednesday. The law will go into effect on July 1, 2023, which means that organizations in the state have just 14 months to prepare for compliance.

article thumbnail

Security Researchers Find Nearly 400,000 Exposed Databases

eSecurity Planet

Databases contain some of the most critical data in enterprises, so vulnerabilities in them are serious issues. Researchers at Singapore-based cybersecurity company Group-IB recently discovered thousands of databases exposed to the internet that could have been exploited when they were left unprotected. The Attack Surface Management team at Group-IB said it constantly scans the IPv4 landscape for exposed databases, potentially unwanted programs, and other risks.

Security 126
article thumbnail

From Hadoop to Data Lakehouse

Getting off of Hadoop is a critical objective for organizations, with data executives well aware of the significant benefits of doing so. The problem is, there are few options available that minimize the risk to the business during the migration process and that’s one of the reasons why many organizations are still using Hadoop today. By migrating to the data lakehouse, you can get immediate benefits from day one using Dremio’s phased migration approach.

article thumbnail

Mozilla: Lack of Security Protections in Mental-Health Apps Is ‘Creepy’

Threatpost

Popular apps to support people’s psychological and spiritual well-being can harm them by sharing their personal and sensitive data with third parties, among other privacy offenses.

Privacy 123
article thumbnail

Security Stuff Happens: What Do You Do When It Hits the Fan?

Dark Reading

Breaches can happen to anyone, but a well-oiled machine can internally manage and externally remediate in a way that won't lead to extensive damage to a company's bottom line. (Part 1 of a series.

Security 134
article thumbnail

Mosyle Raises $196M to Strengthen Apple Security Platform

Data Breach Today

Mosyle Wants to Expand Beyond MDM and Provide a Holistic Apple Security Platform Mosyle closed a $196 million funding round to expand beyond mobile device management and provide a holistic security platform for Apple devices. The company wants to boost adoption of Mosyle Fuse, which combines MDM, endpoint security, encrypted DNS, identity management and app management.

MDM 278
article thumbnail

Pro-Ukraine attackers compromise Docker images to launch DDoS attacks on Russian sites

Security Affairs

Pro-Ukraine hackers are using Docker images to launch distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites. Pro-Ukraine hackers, likely linked to Ukraine IT Army , are using Docker images to launch distributed denial-of-service (DDoS) attacks against a dozen websites belonging to government, military, and media.

Honeypots 126
article thumbnail

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

article thumbnail

List of data breaches and cyber attacks in April 2022 – 14.3 million records breached

IT Governance

Welcome to our latest monthly review of data breaches and cyber attacks. We discovered 80 security incidents in April, resulting in 14,329,78 compromised records. You can find the full list of data breaches below, with incidents affecting UK organisations listed in bold. Meanwhile, be sure to subscribe to our Weekly Round-up to receive the latest cyber security news and advice delivered straight to your inbox.

article thumbnail

Phishing Campaign Uses Simple Email Templates

KnowBe4

A phishing campaign is using short, terse emails to trick people into visiting a credential-harvesting site, according to Paul Ducklin at Naked Security. The email informs recipients that two incoming messages were returned to the sender, and directs the user to visit a link in order to view the messages. Since the emails are so short, the scammers avoid risking typos or grammatical errors that could have tipped off the recipient.

Phishing 120
article thumbnail

Man Uses Phishing to Trick US DOD Into Paying $23.5M

Data Breach Today

California Resident Found Guilty on Total of 6 Criminal Counts Sercan Oyuntur, a 40-year-old California resident, has been found guilty of stealing payments of over $23 million from the U.S. Department of Defense, according to the U.S. Department of Justice. The stolen payment was meant for DOD's jet fuel suppliers.

Phishing 264
article thumbnail

China-linked APT Curious Gorge targeted Russian govt agencies

Security Affairs

China-linked Curious Gorge APT is targeting Russian government agencies, Google Threat Analysis Group (TAG) warns. Google Threat Analysis Group (TAG) reported that an APT group linked to China’s People’s Liberation Army Strategic Support Force (PLA SSF), tracked as Curious Gorge , is targeting Russian government agencies. The Google TAG team published a report focused on cybersecurity activity in Eastern Europe.

Phishing 121
article thumbnail

The B2B Sales Leader's Guide for Any Economic Environment

When economic headwinds pick up, sales leaders are the first to sound the alarm — and chart a new course. Longer sales cycles, larger buying committees, increased price pressure, and smaller teams can quickly combine to reduce your margin for error and increase the urgency to find a solution. To thrive in a challenging environment, sales teams need a rock-solid grasp of the fundamentals and the biggest force-multipliers they can get their hands on.

article thumbnail

Weekly Update 294

Troy Hunt

It's back to business as usual with more data breaches, more poor handling of them and more IoT pain. I think on all those fronts there's a part of me that just likes the challenge and the opportunity to fix a broken thing. Or maybe I'm just a sucker for punishment, I don't know, but either way it's kept me entertained and given me plenty of new material for this week's video 😊 References The book is almost ready to launch!

article thumbnail

Third-Party App Access Is the New Executable File

Dark Reading

By providing these apps and other add-ons for SaaS platforms and associated permissions, businesses present bad actors with more opportunities to gain access to company data.

Access 121
article thumbnail

Case Study: Where to Begin Your Zero Trust Journey

Data Breach Today

Amit Basu of International Seaways on the Various Approaches to Zero Trust As one embarks on a zero trust journey, it's best to start with a network approach, according to Amit Basu, who is vice president, chief information officer and chief information security officer at International Seaways, a New York-based tanker company.

article thumbnail

An expert shows how to stop popular ransomware samples via DLL hijacking

Security Affairs

A security researcher discovered that samples of Conti, REvil, LockBit ransomware were vulnerable to DLL hijacking. The security researcher John Page aka ( hyp3rlinx ) discovered that malware from multiple ransomware operations, including Conti , REvil , LockBit , AvosLocker , and Black Basta, are affected by flaws that could be exploited block file encryption.

article thumbnail

Finding The Application Modernization Strategy That Is Right For Your Business

As a business leader, you know it's important to update your apps, but it can be tough to figure out the best approach. This whitepaper helps you in upgrading your current applications using modernization strategies without any business disruptions.

article thumbnail

India to Require Cybersecurity Incident Reporting Within Six Hours

Hunton Privacy

On April 28, 2022, India issued new guidance relating to “information security practices, procedure, prevention, response and reporting of cyber incidents for Safe & Trusted Internet.” Notably, the guidance requires “service providers, intermediary, data centre, body corporate and Government organizations” to report cyber incidents to India’s Computer Emergency Response Team (“CERT-In”) within six hours of noticing such incidents or being notified about such incidents.

article thumbnail

New Sophisticated Malware

Schneier on Security

Mandiant is reporting on a new botnet. The group, which security firm Mandiant is calling UNC3524, has spent the past 18 months burrowing into victims’ networks with unusual stealth. In cases where the group is ejected, it wastes no time reinfecting the victim environment and picking up where things left off. There are many keys to its stealth, including: The use of a unique backdoor Mandiant calls Quietexit, which runs on load balancers, wireless access point controllers, and other types

IoT 113
article thumbnail

Community College Suspends Classes Over Ransomware Attack

Data Breach Today

5 Kellogg Community Colleges - and Nearly 8,400 Students - Affected All five campuses of the Kellogg Community College, or KCC, have suspended classes until further notice as the result of a ransomware attack, according to its website. The campuses in Battle Creek, Albion, Coldwater, Hastings and Fort Custer Industrial Park in Michigan house nearly 8,400 students.