Krebs on Security

SEPTEMBER 30, 2022

Someone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may be. But the fabricated LinkedIn identities are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources.

Information Security 297

Information Security Communications IT Cybersecurity 297

The Last Watchdog

SEPTEMBER 27, 2022

Digital resiliency has arisen as something of a Holy Grail in the current environment. Related: The big lesson of Log4j. Enterprises are racing to push their digital services out to the far edge of a highly interconnected, cloud-centric operating environment. This has triggered a seismic transition of company networks, one that has put IT teams and security teams under enormous pressure.

IT 199

IT Cloud Security 199

Dark Reading

SEPTEMBER 29, 2022

The previously identified ransomware builder has veered in an entirely new direction, targeting consumers and business of all sizes by exploiting known CVEs through brute-forced and/or stolen SSH keys.

Ransomware 123

Ransomware 123

Data Breach Today

SEPTEMBER 28, 2022

NullMixer Opens Windows To Dozens of Malicious Files A new malware dropper uncovered by Kaspersky targets would-be users of pirated software with a slew of nasty infections including backdoors, Trojan-Bankers, downloaders, spyware and more. The cybersecurity company calls the dropper "NullMixer.

Cybersecurity 240

Cybersecurity 240

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

IT

Krebs on Security

SEPTEMBER 24, 2022

A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United States, reportedly telling the judge, “America is looking for me because I have enormous information and they need it.” A copy of the passport for Denis Kloster, as posted to his Vkontakte

Data breaches 196

Data breaches Ransomware Information Security IT 196

The Last Watchdog

SEPTEMBER 26, 2022

Today’s enterprises are facing more complexities and challenges than ever before. Related: Replacing VPNs with ZTNA. Thanks to the emergence of today’s hybrid and multi-cloud environments and factors like remote work, ransomware attacks continue to permeate each industry. In fact, the 2022 Verizon Data Breach Investigation Report revealed an alarming 13 percent increase in ransomware attacks overall – greater than past five years combined – and the inability to properly manage identities and pri

Access 179

Access Ransomware Passwords Cybersecurity 179

Data Breach Today

SEPTEMBER 24, 2022

While Joe Sullivan Is Accused of Perpetrating Cover-Up, Where Should the Buck Stop? Should the now-former CSO of Uber have reported a security incident to authorities after discovering signs of unusual behavior? That's one of the big questions now being asked in the closely watched trial of Joe Sullivan, who's been charged with covering up a data breach and paying off hackers.

Data breaches 260

Data breaches Security 260

IT Governance

SEPTEMBER 30, 2022

UK organisations suffer the third highest rate of ransomware attacks globally, with small businesses most at risk, a report by NordLocker has found. According to its analysis , 260 organisations in the UK fell victim to ransomware between January 2020 and June 2022, a figure that’s only exceeded by Canada (276) and – in a distant lead – the US (2,379).

Ransomware 136

Ransomware Manufacturing Data breaches Risk 136

Security Affairs

SEPTEMBER 30, 2022

Researchers from Mandiant have discovered a novel malware persistence technique within VMware ESXi Hypervisors. Mandiant detailed a novel technique used by malware authors to achieve administrative access within VMware ESXi Hypervisors and take over vCenter servers and virtual machines for Windows and Linux to perform the following actions: Send commands to the hypervisor that will be routed to the guest VM for execution Transfer files between the ESXi hypervisor and guest machines running benea

Metadata 130

Metadata Archiving Access IT 130

Advertisement

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Risk

The Last Watchdog

SEPTEMBER 28, 2022

Phishing attacks are nothing new, but scammers are getting savvier with their tactics. Related: The threat of ‘business logic’ hacks. The Iranian hacker group TA453 has recently been using a technique that creates multiple personas to trick victims , deploying “social proof” to scam people into engaging in a thread. One example comes from Proofpoint, where a researcher began corresponding with an attacker posing as another researcher.

Phishing 124

Phishing Passwords Cybersecurity Government 124

Data Breach Today

SEPTEMBER 27, 2022

Rob Dartnall of Security Alliance Shares Insights on Current and Emerging Trends Financial services firms in Africa are becoming bigger cyber targets as they expand into new mobile payment and financial inclusion products. Rob Dartnall of Security Alliance explains why these firms need to invest in information sharing, training and new cybersecurity practices to avoid breaches.

Financial Services 245

Financial Services Cybersecurity Security 245

WIRED Threat Level

SEPTEMBER 28, 2022

Want to speak up against Big Tech, unjust data collection, and surveillance? Here's how to be an activist in your community and beyond.

Data Privacy 145

Data Privacy Data collection Privacy Security 145

Security Affairs

SEPTEMBER 25, 2022

OpIran: Anonymous launched Operation Iran against Teheran due to the ongoing crackdown on dissent after Mahsa Amini’s death. Anonymous launched OpIran against Iran due to the ongoing crackdown on dissent after Mahsa Amini’s death. The protests began after the death of Mahsa Amini from Saqqez in Kurdistan province after her arrest by Iran’s morality police for allegedly wearing her hijab too loosely.

Government 127

Government Security IT Information Security 127

Advertisement

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Security

IT Governance

SEPTEMBER 27, 2022

In some circles, cyber security is synonymous with threat protection. After all, an organisation’s main objective is to prevent unauthorised actors from accessing sensitive information, and that means implementing protective measures. That’s certainly true, but there’s a lot more to cyber security than protecting assets. The measures you implement should be part of a cohesive strategy that helps organisations prepare for and respond to security threats.

Data breaches 119

Data breaches Government Insurance Risk 119

Data Breach Today

SEPTEMBER 27, 2022

CEO Shares Strategies to Overcome Technical, Cultural Challenges of This Top Threat Too often when software developers change jobs, they take source code they've written with them, feeling the code belongs to them even if it belongs to an employer. Code42's Joe Payne shares the challenges of detecting source code theft and ways to protect intellectual property wherever it resides.

IT 241

IT 241

eSecurity Planet

SEPTEMBER 29, 2022

Cybercriminals learn quickly. In a couple of decades’ time, they’ve gone from pretending to be Nigerian princes to compromising the entire software supply chain , and every day brings news of a new attack technique or a clever variation on an old one. Incidents like those that rattled SolarWinds and Kaseya and their downstream customers changed the game.

Cybersecurity 110

Cybersecurity Insurance Compliance Risk 110

Security Affairs

SEPTEMBER 30, 2022

Security researchers are warning of a new Microsoft Exchange zero-day that are being exploited by malicious actors in the wild. Cybersecurity firm GTSC discovered two Microsoft Exchange zero-day vulnerabilities that are under active exploitation in attacks in the wild. Both flaws were discovered by the researchers as part of an incident response activity in August 2022, they are remote code execution issues.

Cybersecurity 115

Cybersecurity Security IT Information Security 115

Advertisement

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT

Schneier on Security

SEPTEMBER 28, 2022

The Atlantic Council has published a report on securing the Internet of Things: “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem.” The report examines the regulatory approaches taken by four countries—the US, the UK, Australia, and Singapore—to secure home, medical, and networking/telecommunications devices.

IoT 111

IoT Security Mining Manufacturing 111

Data Breach Today

SEPTEMBER 27, 2022

Indictment 'Did Not Hinder APT41’s Operations,' says HHS HC3 Two federal indictments against APT41, a Chinese state-sponsored hacking group, haven't slowed down its operations, the U.S. government acknowledges in a warning telling the healthcare sector to be vigilant about the threat actor. The hackers are believed to be at large, likely in China.

Government 241

Government IT 241

Hunton Privacy

SEPTEMBER 28, 2022

On September 15, 2022, the Federal Trade Commission released a report analyzing “dark patterns,” or “design practices that trick or manipulate users into making choices they would not otherwise have made and that may cause harm.” The report, titled “Bringing Dark Patterns to Light,” highlights dark patterns used across industries and different contexts, such as e-commerce, cookie consent banners, children’s apps and subscription sales.

Data collection 111

Data collection Sales Privacy Access 111

Security Affairs

SEPTEMBER 29, 2022

The recently discovered malware builder Quantum Builder is being used by threat actors to deliver the Agent Tesla RAT. A recently discovered malware builder called Quantum Builder is being used to deliver the Agent Tesla remote access trojan (RAT), Zscaler ThreatLabz researchers warn. “Quantum Builder (aka “Quantum Lnk Builder”) is used to create malicious shortcut files.

Archiving 114

Archiving Phishing Access IT 114

Advertisement

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Schneier on Security

SEPTEMBER 26, 2022

Sometimes browser spellcheckers leak passwords : When using major web browsers like Chrome and Edge, your form data is transmitted to Google and Microsoft, respectively, should enhanced spellcheck features be enabled. Depending on the website you visit, the form data may itself include PII­—including but not limited to Social Security Numbers (SSNs)/Social Insurance Numbers (SINs), name, address, email, date of birth (DOB), contact information, bank and payment information, and so on.

Passwords 110

Passwords Insurance Cloud Security 110

Data Breach Today

SEPTEMBER 27, 2022

National Nuclear Security Administration Made 'Limited Progress,' Says GAO The U.S. federal agency responsible for the ongoing functionality of the nuclear weapons stockpile hasn't gotten its arms around how to secure operational technology, says the Government Accountability Office. More than 200,000 unique pieces of OT are deployed across nuclear weapon centers.

Security 237

Security Government IT 237

KnowBe4

SEPTEMBER 24, 2022

With Retail seeing and feeling the impact of more ransomware attacks than nearly every other industry, a new report focuses in on what the repercussions look like for this sector… and it’s not good.

Retail 104

Retail Ransomware 104

Security Affairs

SEPTEMBER 29, 2022

The Russia-linked APT28 group is using mouse movement in decoy Microsoft PowerPoint documents to distribute malware. The Russia-linked APT28 employed a technique relying on mouse movement in decoy Microsoft PowerPoint documents to deploy malware, researchers from Cluster25 reported. Cluster25 researchers were analyzing a lure PowerPoint document used to deliver a variant of Graphite malware, which is known to be used exclusively by the APT28 group, that starts the attack chain when the user star

Metadata 112

Metadata Communications Government IT 112

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Customer Experience

Daymark

SEPTEMBER 29, 2022

The Cybersecurity Maturity Model Certification (CMMC) 2.0 is the DoD framework designed to enhance cybersecurity and protect against compromise of sensitive defense information on contractors’ systems. Some defense industrial base organizations (DIB) have mistakenly taken a “wait and see” attitude about preparing for CMMC compliance, believing that they will wait until the government finalizes 2.0 requirements.

Compliance 104

Compliance Risk Cybersecurity Government 104

Data Breach Today

SEPTEMBER 28, 2022

A Raft of Cyber Disruptions Hit the South American Country in September A phishing email led to the spread of the Cryptolocker Trojan inside the court system of Chile, adding to a growing list of cyber disruptions affecting the South American country. Court officials stressed that the virus was contained before it could disrupt judicial proceedings.

Ransomware 221

Ransomware Phishing IT 221

KnowBe4

SEPTEMBER 28, 2022

A phishing campaign is impersonating UK energy regulator Ofgem, according to Action Fraud, the UK’s cybercrime reporting centre.

Phishing 122

Phishing 122