Sat.Sep 21, 2024 - Fri.Sep 27, 2024

article thumbnail

McAfee Discovers New Phishing Campaign Targeting GitHub Users

KnowBe4

A phishing campaign is targeting GitHub users with phony CAPTCHA pages, according to researchers at McAfee. The phishing emails ask users to address a security vulnerability in a GitHub repository that they recently contributed to, and contain a link to find more information about the alleged vulnerability. This link leads to a fake CAPTCHA page that attempts to trick them into installing malware.

article thumbnail

US Pushes Ban on Chinese, Russian Tech in Connected Vehicles

Data Breach Today

Commerce Department Moves to Regulate Foreign Vehicle Tech Amid Security Fears The White House is proposing new regulations on connected vehicles that would prohibit manufacturers from importing software or hardware from the People's Republic of China and Russia, citing an ever-increasing threat landscape and heightened national security risks.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Timeshare Owner? The Mexican Drug Cartels Want You

Krebs on Security

The FBI is warning timeshare owners to be wary of a prevalent telemarketing scam involving a violent Mexican drug cartel that tries to trick people into believing someone wants to buy their property. This is the story of a couple who recently lost more than $50,000 to an ongoing timeshare scam that spans at least two dozen phony escrow, title and realty firms.

Sales 244
article thumbnail

GUEST ESSAY: Massive NPD breach tells us its high time to replace SSNs as an authenticator

The Last Watchdog

Ever since the massive National Public Data (NPD) breach was disclosed a few weeks ago, news sources have reported an increased interest in online credit bureaus, and there has been an apparent upswing in onboarding of new subscribers. Related: Class-action lawsuits pile up in wake of NPD hack So what’s the connection? NPD reported the exposure of over 2.7 billion records.

article thumbnail

The Tumultuous IT Landscape is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug

WIRED Threat Level

Researchers found a flaw in a Kia web portal that let them track millions of cars, unlock doors, and start engines at will—the latest in a plague of web bugs that’s affected a dozen carmakers.

Privacy 145

More Trending

article thumbnail

U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Krebs on Security

The United States today unveiled sanctions and indictments against the alleged proprietor of Joker’s Stash , a now-defunct cybercrime store that peddled tens of millions of payment cards stolen in some of the largest data breaches of the past decade. The government also indicted and sanctioned a top Russian cybercriminal known as Taleon , whose cryptocurrency exchange Cryptex has evolved into one of Russia’s most active money laundering networks.

article thumbnail

NIST Recommends Some Common-Sense Password Rules

Schneier on Security

NIST’s second draft of its “ SP 800-63-4 “—its digital identify guidelines—finally contains some really good rules about passwords: The following requirements apply to passwords: lVerifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require passwords to be a minimum of 15 characters in length.

Passwords 127
article thumbnail

Tesla’s Cybertruck Goes, Inevitably, to War

WIRED Threat Level

A handful of Tesla’s electric pickup trucks are armed and ready for battle in the hands of Chechen forces fighting in Ukraine as part of Russia’s ongoing invasion. Can the EV take the heat?

Security 123
article thumbnail

How Today's Top CIOs Are Completing the Cloud Journey

Data Breach Today

Enterprise Browser: The Tool CIOs Never Knew They Were Lacking The enterprise browser is the tool CIOs never knew they were lacking - a seamless access method to the workloads, apps and data that moved to the cloud. It bakes in the needs of the enterprise. Learn why the enterprise browser is a strategic imperative to the success of your business.

Cloud 260
article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Critical RCE vulnerability found in OpenPLC

Security Affairs

Cisco’s Talos reported critical and high-severity flaws in OpenPLC that could lead to DoS condition and remote code execution. Cisco’s Talos threat intelligence unit has disclosed details of five newly patched vulnerabilities in OpenPLC, an open-source programmable logic controller. These vulnerabilities can be exploited to trigger a denial-of-service (DoS) condition or execute remote code.

article thumbnail

2024 Cybersecurity Laws & Regulations

eSecurity Planet

Understanding and adhering to cybersecurity regulations is crucial for any organization as cyber threats evolve and become more sophisticated. The landscape of cybersecurity laws and regulations today is set to undergo significant changes, impacting businesses, government entities, and individuals alike. Let’s explore what to expect from the upcoming regulations, provide insights into critical federal and state laws, and offer practical compliance and risk management strategies.

article thumbnail

Hacking the “Bike Angels” System for Moving Bikeshares

Schneier on Security

I always like a good hack. And this story delivers. Basically, the New York City bikeshare program has a system to reward people who move bicycles from full stations to empty ones. By deliberately moving bikes to create artificial problems, and exploiting exactly how the system calculates rewards, some people are making a lot of money. At 10 a.m. on a Tuesday last month, seven Bike Angels descended on the docking station at Broadway and 53rd Street, across from the Ed Sullivan Theater.

article thumbnail

Pennsylvania Firm to Pay $65M for Cancer Patient Photo Hack

Data Breach Today

Lehigh Valley Health Network Will Pay 134,000 Victims of Ransomware Attack and Leak A Pennsylvania-based healthcare system that was hacked by ransomware group BlackCat in 2023 and extorted over stolen exam photos of breast cancer patients posted to a data leak site has agreed to pay $65 million under a proposed settlement of a lawsuit affecting 134,000 patients and employees.

article thumbnail

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

article thumbnail

Hackers stole over $44 million from Asian crypto platform BingX

Security Affairs

Cybercriminals stole more than $44 million worth of cryptocurrency from the Singaporean crypto platform BingX. Singaporean crypto platform BingX reported a cyberattack on Friday. Threat actors stole over $44 million worth of cryptocurrency. The crypto platform discovered unauthorized transfers of funds on Thursday night, shortly before BingX announced a shutdown for “wallet maintenance” on social media. [ Temporary Wallet Maintenance Notice] ■ Schedule: ~24 hours ■ When maintenance i

article thumbnail

Russia-Backed Media Outlets Are Under Fire in the US—but Still Trusted Worldwide

WIRED Threat Level

The US government says outlets like RT work closely with Russian intelligence, and platforms have removed or banned their content. But they’re still influential all around the world.

article thumbnail

5 handy Alexa routines I depend on every day - and how to build your own

Collaboration 2.0

Ready to unlock your Amazon Echo's true potential? Here's how Alexa routines can automate your home, simplify tasks, and save you time with just a few taps in the Alexa app.

98
article thumbnail

4 More EU Nations Join US-Led Initiative to Counter Spyware

Data Breach Today

Austria, Estonia, Lithuania and the Netherlands Join the Coalition Formed in March Four more European Union nations have joined a United States government-led initiative lanched in March to tackle spyware misuse globally. The move came amid growing criticisms of the European Commission's failure to curb the EU's prolific spyware market.

Marketing 256
article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

New variant of Necro Trojan infected more than 11 million devices

Security Affairs

Experts warn of Necro Trojan found in Google Play, threat actors are spreading it through fake versions of legitimate Android apps. Researchers from Kaspersky discovered a new version of the Necro Trojan in multiple apps uploaded to the Google Play store. The malware was hidden in popular applications and game mods. Kaspersky researchers first spotted the Necro Trojan in 2019, the malicious code was in the free version of the popular PDF creator application CamScanner app.

Metadata 114
article thumbnail

Educate Your Users About Malicious SEO Poisoning Attacks

KnowBe4

Since the beginning of computers, social engineering has been the number one way that computers and networks have been compromised. Social engineering is involved in 70% to 90% of all successful data breaches.

article thumbnail

OLED vs. QLED TV: Which panel type is best suited for your home?

Collaboration 2.0

What's the difference between OLED and QLED TVs? Brightness level, picture quality, and price are just a few factors in deciding why you should buy one over the other.

98
article thumbnail

Breach Roundup: How to Spot North Korean IT Workers

Data Breach Today

Also: Ransomware Surged in 2023, MoneyGram Back in Service After Cyberattack This week, advice on spotting North Korean staff; ransomware attacks rose; MoneyGram back online; FCC fined political operative; CISA warned of water system attacks; Ukraine restricted Telegram use; North Korean hackers used new malware; U.K. arrested alleged hacker; PSNI is in data leak talks.

IT 247
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Hacking Kia cars made after 2013 using just their license plate

Security Affairs

Researchers discovered critical flaws in Kia’s dealer portal that could allow to hack Kia cars made after 2013 using just their license plate. In June 2024, a team of experts ( Neiko Rivera , Sam Curry , Justin Rhinehart , Ian Carroll ) discovered multiple vulnerabilities in Kia vehicles that allowed remote control of key functions using their license plates.

Access 112
article thumbnail

Posting ‘Goodbye Meta AI’ is pointless. But we can stop big tech stealing our Facebook pictures | Chris Stokel-Walker

The Guardian Data Protection

Sharing these posts may seem harmless, but don’t be drawn in. There are better ways to combat the threats to our data If you’ve spent any time on Instagram or Facebook lately, you will probably have encountered concerned citizens sharing posts denying Meta, the parent company of both platforms as well as WhatsApp, the right to use their data to train AI systems.

article thumbnail

How hackers could have remotely controlled millions of cars

Collaboration 2.0

A website flaw - since patched - enabled these researchers to remotely track a car's location, unlock its doors, honk the horn, and start the engine.

IT 98
article thumbnail

Will AI Hallucinations Get Worse?

Data Breach Today

Training AI With Synthetic Data Can Lead to Model Collapse Using facts to train artificial intelligence models is getting tougher, as companies run out of real-world data. AI-generated synthetic data is touted as a viable replacement, but experts say this may exacerbate hallucinations, which are already a big pain point of machine learning models.

article thumbnail

Launching LLM-Based Products: From Concept to Cash in 90 Days

Speaker: Christophe Louvion, Chief Product & Technology Officer of NRC Health and Tony Karrer, CTO at Aggregage

Christophe Louvion, Chief Product & Technology Officer of NRC Health, is here to take us through how he guided his company's recent experience of getting from concept to launch and sales of products within 90 days. In this exclusive webinar, Christophe will cover key aspects of his journey, including: LLM Development & Quick Wins 🤖 Understand how LLMs differ from traditional software, identifying opportunities for rapid development and deployment.

article thumbnail

The Tor Project and Tails have merged operations

Security Affairs

The Tor Project and Tails OS have joined forces and merged operations to counter a growing number of digital threats. The Tor Project and Tails have merged operations to enhance collaboration and expand training, outreach, and strengthen both organizations’ efforts to protect users globally from digital surveillance and censorship. The two organizations aim to better counter growing digital threats, and the merger between them will enhance protections for users needing both network and sys

Privacy 108
article thumbnail

New Windows Malware Locks Computer in Kiosk Mode

Schneier on Security

Clever : A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way to close the window, as the malware also blocks the “ESC” and “F11” keyboard keys.

89
article thumbnail

The 2-in-1 laptop I recommend for the office is not a Dell or a Lenovo ThinkPad

Collaboration 2.0

HP's EliteBook x360 1040 is a professional laptop/tablet combo with a feature set that enables one of the best video call environments for a work laptop.

98