Sat. Jul 11, 2020 - Fri. Jul 17, 2020

Introducing the PhishingKitTracker

Security Affairs

Experts that want to study phishing attack schema and Kit-composition can use the recently PhishingKitTracker, which is updated automatically. If you are a security researcher or even just passionate about how attackers implement phishing, you will find yourself looking for phishing kits. A phishing kit is not a phishing builder, but a real implementation (actually re-implementation) of a third party website built to lure your victim.

Phishing 109

Breached Data Indexer ‘Data Viper’ Hacked

Krebs on Security

Data Viper, a security startup that provides access to some 15 billion usernames, passwords and other information exposed in more than 8,000 website breaches, has itself been hacked and its user database posted online. The hackers also claim they are selling on the dark web roughly 2 billion records Data Viper collated from numerous breaches and data leaks, including data from several companies that likely either do not know they have been hacked or have not yet publicly disclosed an intrusion.

Sales 340

Malware Hidden in Chinese Tax Software

Data Breach Today

Researchers: 'GoldenHelper' Backdoor Designed to Access Corporate Networks

Malware designed to provide backdoor access to corporate networks, gain administrative privileges and deliver additional payloads was hidden in tax software the Chinese government requires companies doing business in the nation to use, researchers at the security firm Trustwave report.

Iranian Spies Accidentally Leaked Videos of Themselves Hacking

WIRED Threat Level

IBM's X-Force security team obtained five hours of APT35 hacking operations, showing exactly how the group steals data from email accounts—and who it's targeting.

Security 145

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Who’s Behind Wednesday’s Epic Twitter Hack?

Krebs on Security

Twitter was thrown into chaos on Wednesday after accounts for some of the world’s most recognizable public figures, executives and celebrities started tweeting out links to bitcoin scams. Twitter says the attack happened because someone tricked or coerced an employee into providing access to internal Twitter administrative tools. This post is an attempt to lay out some of the timeline of this attack, and point to clues about who may have been behind it.

More Trending

Twitter Hack: A Sign of More Troubles Ahead?

Data Breach Today

Some Experts Say the Platform's Security Failures Could Lead to Bigger Attacks

While the Wednesday hijacking of several high-profile and verified Twitter accounts appears to have been confined to a cryptocurrency scam, security experts are warning that the platform's security failures could lead to bigger attacks down the road.

Security 309

Can You Add Teasers to Add Attention?

AIIM

Think back to middle school English classes. You were taught that your titles should summarize your main points. People should be able to get the gist of what you’re talking about by just reading the title. The problem is that what you learned in English class is wrong. You don’t want your executives or stakeholders believing they know what you’re going to say without reading what you’ve said, do you?

Sales 117

‘Wormable’ Flaw Leads July Microsoft Patches

Krebs on Security

Microsoft today released updates to plug a whopping 123 security holes in Windows and related software, including fixes for a critical, “wormable” flaw in Windows Server versions that Microsoft says is likely to be exploited soon. While this particular weakness mainly affects enterprises, July’s care package from Redmond has a little something for everyone.

Exclusive, Ghost Squad Hackers defaced European Space Agency (ESA) site

Security Affairs

A group of hacktivists that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA). A group of hackers that goes online with the name Ghost Squad Hackers has defaced a site of the European Space Agency (ESA). I have reached them for a comment and they told me that the attack was not targeted, they defaced the site only for fun. “We are hacktivists, we usually hack for many various causes related to activism.” Ghost Squad Hackers

Military 142

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

How to Make the Most of Cyber Intelligence

Data Breach Today

Jeff Bardin of Treadstone 71 Outlines Key Strategic Steps

Creating a cyber intelligence strategy involves operational and tactical measures as well as technical approaches, says Jeff Bardin, chief intelligence officer at Treadstone 71.

317

What Is TOGAF? The Open Group Architecture Framework

erwin

The Open Group Architecture Framework (TOGAF) is a type of enterprise architecture (EA) framework. In this post, we’ll cover: What Is TOGAF? History of TOGAF. TOGAF ADM. The Benefits of TOGAF. Is TOGAF Free? TOGAF vs. DODAF vs. MODAF vs. NAF. Implementing an EA Framework. What Is TOGAF? TOGAF is one example of an enterprise architecture framework. Enterprise architecture frameworks help organizations regulate the methods and language used to create, describe and administer changes to an enterpri

Twitter Hack Update: What We Know (and What We Don’t)

Threatpost

With limited confirmed information, a raft of theories and circumstantial evidence has come to light as to who was behind the attack and how they carried it out.

IT 136

Records of 45 million+ travelers to Thailand and Malaysia surfaced in the darkweb

Security Affairs

Experts from Cyble discovered the availability on the darkweb of records of over 45 million travelers to Thailand and Malaysia from multiple countries. Experts from threat intelligence firm have discovered the availability on the darkweb of records of over 45 million travelers to Thailand and Malaysia from multiple countries.

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Brazilian Banking Trojans Spread to Other Nations

Data Breach Today

Kaspersky: Fraudsters Now Target North America, Europe, Latin America

The operators behind a family of Brazilian banking Trojans are expanding their operations to other parts of Latin America as well as North America and Europe, according to Kaspersky. Some of these malware variants have been re-engineered to better avoid security tools.

Security 252

CIPL Submits White Paper on Data Subject Rights

Hunton Privacy

On July 8, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its White Paper (the “Paper”) as input for the European Data Protection Board’s (the “EDPB”) future guidelines on data subject rights (“DSRs”) (the “Guidelines”). The Paper, titled “Data Subject Rights under the GDPR in a Global Data Driven and Connected World,” was drafted following the EDPB stakeholders’ event on DSR in Brussels on November 4, 2019.

Paper 108

Twitter Elite Accounts Are Hijacked in Unprecedented Cryptocurrency Scam

Threatpost

The Twitter accounts of Gates, Musk, Biden, Apple and Uber have each been hijacked at the same time to push a cryptocurrency scam in an unprecedented breach of Twitter accounts.

121

NightLion hacker is selling details of 142 million MGM Resorts hotel guests

Security Affairs

The MGM Resorts 2019 data breach is much larger than initially thought, a hacker is offering for sale details of 142 million MGM hotel guests on the dark web. Bad news for the guests of the MGM Resorts, the 2019 data breach suffered by the company is much larger than initially reported. A credible actor is selling details of 142 million MGM hotel guests on the dark web, the news was reported in exclusive by ZDNet.

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

UK Reverses Course, Bans Huawei Gear From 5G Networks

Data Breach Today

U.S. Sanctions Against Chinese Firms a Factor in Decision

The British government has officially reversed course and will now ban Huawei's telecom gear from its 5G networks. The ban on use of the Chinese firm's equipment, based in part on U.S. sanctions against the manufacturer, goes into effect at year's end.

BREAKING: Unexpected Outcome of Schrems II Case: CJEU Invalidates EU-U.S. Privacy Shield Framework but Standard Contractual Clauses Remain Valid

Hunton Privacy

On July 16, 2020, the Court of Justice of the European Union (the “CJEU”) issued its landmark judgment in the Schrems II case (case C-311/18). In its judgment, the CJEU concluded that the Standard Contractual Clauses (the “SCCs”) issued by the European Commission for the transfer of personal data to data processors established outside of the EU are valid.

Privacy 108

Amazon-Themed Phishing Campaigns Swim Past Security Checks

Threatpost

A pair of recent campaigns aim to lift credentials and other personal information under the guise of Amazon package-delivery notices.

Phishing 134

Orange Business Services hit by Nefilim ransomware operators

Security Affairs

Security researchers at Cyble reported that Nefilim ransomware operators allegedly targeted the mobile network operator Orange. Researchers from Cyble came across a post of Nefilim ransomware operators which were claiming to have stolen sensitive data of Orange S.A., one of the largest mobile networks based in France. The discovery was made by the experts during their regular Deepweb and Darkweb monitoring activity.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Insights From INTERPOL on Using Threat Intelligence

Data Breach Today

Cybercrime Fighter Offers Advice on Responding to the Latest Trends

Craig Jones, who leads the global cybercrime program for INTERPOL, which facilitates police cooperation among 194 member nations, describes how organizations can improve their use of threat intelligence.

295

How Two-Factor Authentication Keeps Your Accounts Safe

WIRED Threat Level

Here are some of the best authenticator apps and options. It may take a moment to set up, but once you have 2FA enabled where it counts, you can rest easier.

A ‘New Age’ of Sophisticated Business Email Compromise is Coming

Threatpost

A new BEC threat group is heralding more sophisticated email scams that target organizations without DMARC and squeeze as much money out of victims as possible.

Security 114

Police and CPS scrap digital data extraction forms for rape cases

The Guardian Data Protection

Exclusive: Case of two complainants funded by Equality and Human Rights Commission forces U-turn

The CPS and police have been forced to scrap controversial “digital strip searches” of rape complainants, following a legal threat from two survivors of sexual abuse and sustained campaigning from privacy and human rights groups. Little more than a year after a new policy around the disclosure of private information was introduced, the police and CPS have made a major U-turn and will withdraw digital

Privacy 107

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

The Insider Threat: A Growing Concern

Data Breach Today

Researcher Randy Trzeciak Analyzes the Latest Trends, Offers Fraud Detection Advice

As companies lay off employees and deal with financial challenges during the COVID-19 pandemic, they're also facing an increase in the number of insider fraud incidents, says Randy Trzeciak, director of the National Insider Threat Center at Carnegie Mellon University, who offers fraud detection tips.

253

Google updates policies to ban any ads for surveillance solutions and services

Security Affairs

Google announced that starting from August it will update its policies to reject ads proposed by organizations offering surveillance software. Google announced the update of its Google Ads Enabling Dishonest Behavior policy to “prohibit the promotion of products or services that are marketed or targeted with the express purpose of tracking or monitoring another person or their activities without their authorization.

Marketing 107

You Don’t Need a VPN

PerezBox

A Virtual Private Network (VPN) allows a component from a trusted zone to be accessed from an untrusted zone. This technology enables a user to access company data from.

Access 105