Data Breach Today
DECEMBER 8, 2022
Indian Firm Accuses 'Notorious Cyber Security Company' in Ongoing Incident Indian cybersecurity firm CloudSEK says another cybersecurity firm used a compromised collaboration platform credential to obtain access to its training webpages. CEO Rahul Sasi did not identify the alleged perpetrator and says the hacker did not obtain access to the company code base and database.
Krebs on Security
DECEMBER 8, 2022
Ransomware groups are constantly devising new methods for infecting victims and convincing them to pay up, but a couple of strategies tested recently seem especially devious. The first centers on targeting healthcare organizations that offer consultations over the Internet and sending them booby-trapped medical records for the “patient.” The other involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
The Last Watchdog
DECEMBER 8, 2022
Over the years, bad actors have started getting more creative with their methods of attack – from pretending to be a family member or co-worker to offering fortunes and free cruises. Related: Deploying employees as human sensors. Recent research from our team revealed that while consumers are being exposed to these kinds of attacks (31 percent of respondents reported they received these types of messages multiple times a day), they continue to disregard cyber safety guidelines.
Security Affairs
DECEMBER 9, 2022
Claroty researchers devised a technique for bypassing the web application firewalls (WAF) of several vendors. Researchers at industrial and IoT cybersecurity firm Claroty devised an attack technique for bypassing the web application firewalls (WAF) of several industry-leading vendors. The technique was discovered while conducting unrelated research on Cambium Networks’ wireless device management platform.
Advertisement
Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.
Data Breach Today
DECEMBER 9, 2022
Defendants Allegedly Obtained More Than $5.4 Million From Businesses They Duped U.S. federal prosecutors indicted four men charged with engaging in business email compromise and credit card fraud schemes that netted them $9.2 million. The FBI has warned that business email compromises - whether through account compromise or impersonation - is a growing threat.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Dark Reading
DECEMBER 6, 2022
Threat actors can weaponize code within AI technology to gain initial network access, move laterally, deploy malware, steal data, or even poison an organization's supply chain.
Security Affairs
DECEMBER 6, 2022
Russia’s second-largest bank VTB Bank reveals it is facing the largest DDoS (distributed denial of service) attack in its history. State-owned VTB Bank, the second-largest financial institution in Russia, says it is facing the largest DDoS (distributed denial of service) attack in its history. The pro-Ukraine collective IT Army of Ukraine has claimed responsibility for the DDoS attacks against the bank.
Data Breach Today
DECEMBER 9, 2022
New Cybersecurity Strategy Will Aspire to World-Topping Performance by 2030 Australian Home Affairs and Cyber Security Minister Clare O'Neil vowed during a speech to transform the country into the world's most cyber-secure, saying experts will start work on a strategy intended to outdo the rest of the world by 2030. The country has recently experienced a data breach wave.
eSecurity Planet
DECEMBER 7, 2022
It has certainly been a rough year for the tech industry. There have been many layoffs, the IPO market has gone mostly dark, and venture funding has decelerated. Despite all this, there is one tech category that has held up fairly well: Cybersecurity. Just look at a report from M&A advisory firm Houlihan Lokey , which found that private cybersecurity company funding grew by 9.4% to $26.9 billion between September 2021 and September 2022.
Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage
Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.
Dark Reading
DECEMBER 8, 2022
Common mistakes in network configuration can jeopardize the security of highly protected assets and allow attackers to steal critical data from the enterprise.
Security Affairs
DECEMBER 6, 2022
Researchers spotted a version of the open-source ransomware toolkit Cryptonite that doesn’t support decryption capabilities. Fortinet researchers discovered a sample of malware generated with the publicly available open-source ransomware toolkit Cryptonite that never offers the decryption window, turning it as a wiper. The experts also reported an increase in ransomware intentionally turned into wiper malware, these malicious code are mainly employed in politically-motivated campaigns.
Data Breach Today
DECEMBER 9, 2022
Sector Especially Vulnerable Due to Dispersed IT Footprint, Massive Records Storage Ransomware gangs rely on shotgun-style attacks using phishing or stolen remote access credentials to target individuals. This strategy snares less poorly prepared organizations, and that often means healthcare entities. Experts share insights on this plague on healthcare and what to do about it.
Schneier on Security
DECEMBER 5, 2022
This is an actual CAPTCHA I was shown when trying to log into PayPal. As an actual human and not a bot, I had no idea how to answer. Is this a joke? (Seems not.) Is it a Magritte-like existential question? (It’s not a bicycle. It’s a drawing of a bicycle. Actually, it’s a photograph of a drawing of a bicycle. No, it’s really a computer image of a photograph of a drawing of a bicycle.
Advertisement
Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.
Dark Reading
DECEMBER 9, 2022
The custom malware used by the state-backed Iranian threat group Drokbk has so far flown under the radar by using GitHub as a "dead-drop resolver" to more easily evade detection.
Security Affairs
DECEMBER 9, 2022
CommonSpirit Health confirmed that the October security breach resulted in the exposure of the personal data of 623,774 patients. In early October, Common Spirit , one of the largest hospital chains in the US, suffered a ransomware cyberattack that caused severe inconvenience to the facilities and to patients. The security breach led to delayed surgeries, hold-ups in patient care and forced the chain to reschedule doctor appointments across the country.
Data Breach Today
DECEMBER 5, 2022
Fake Ransomware Isn't First Wiper to Target Windows Systems in Russia for Deletion Windows systems in Russia are being stalked by a new Trojan that purports to be ransomware but is really designed to wipe PCs and leave them unrecoverable, security researchers say. Dubbed CryWiper, it's one of a number of wipers - mostly targeting Ukraine - seen in the wild this year.
Schneier on Security
DECEMBER 8, 2022
A bunch of Android OEM signing keys have been leaked or stolen, and they are actively being used to sign malware. Łukasz Siewierski, a member of Google’s Android Security Team, has a post on the Android Partner Vulnerability Initiative (AVPI) issue tracker detailing leaked platform certificate keys that are actively being used to sign malware.
Advertisement
Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.
eSecurity Planet
DECEMBER 8, 2022
SafeBreach Labs researcher Or Yair has uncovered zero-day vulnerabilities in several leading endpoint detection and response ( EDR ) and antivirus ( AV ) solutions that enabled him to turn the tools into potentially devastating next-generation wipers. “This wiper runs with the permissions of an unprivileged user yet has the ability to wipe almost any file on a system, including system files, and make a computer completely unbootable,” Yair warned in a blog post detailing the findings
Security Affairs
DECEMBER 9, 2022
On the third day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned more than $250,000. On the third day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned more than $250,000 for demonstrating zero-day attacks against NAS devices, printers, smart speakers, routers, and smartphones.
Data Breach Today
DECEMBER 6, 2022
Companies Tells US SEC That the Incident Will Affect Revenue Ransomware lies behind the ongoing outage of hosted Exchange services at Rackspace, the company disclosed in a Tuesday update. The company did not disclose any particular ransomware actor. It told federal regulators that the outage is likely to create a financial loss.
Hunton Privacy
DECEMBER 8, 2022
On November 22, 2022, the Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) announced that it filed comments with the Federal Trade Commission that call for new limits on how companies can collect and use personal information about consumers. The comments were filed in response to the FTC’s request for public comment on its Advanced Notice of Proposed Rulemaking on commercial surveillance and lax data security practices.
Advertisement
Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.
KnowBe4
DECEMBER 8, 2022
A sophisticated scammer group has stolen at least €480 million from victims in France, Belgium, and Luxembourg since 2018, according to researchers at Group-IB. The gang uses a highly detailed scam kit called “CryptosLabs,” which impersonates investment portals from more than forty major European financial entities.
Security Affairs
DECEMBER 6, 2022
Researchers discovered a security flaw in the connected vehicle service SiriusXM that exposes multiple car models to remote attacks. Cybersecurity researchers discovered a security vulnerability in the connected vehicle service provided by SiriusXM that can allow threat actors to remotely attack vehicles from multiple carmakers, including Honda, Nissan, Infiniti, and Acura.
Data Breach Today
DECEMBER 6, 2022
Government Agencies and Private Sector Affected by Attack on IT Sercices Provider A ransomware attack on a New Zealand third party managed IT service provider impacted several government agencies across the country – including the Ministry of Justice and the national health authority. Investigations are ongoing to determine the incident's full impact.
IT Governance
DECEMBER 8, 2022
Welcome to our December 2022 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over personal data. This month, we delve into a scheme capitalising on the fall of FTX and review the a scam exploiting people’s excitement over the World Cup. FTX customers offered refund in deepfake phishing scam.
Advertisement
“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.
OpenText Information Management
DECEMBER 9, 2022
If you’re like some companies, you may be using outdated, mishmashed software or a myriad of point solutions to manage your eDiscovery processes. While this antiquated approach may work for some companies or use cases, many law firms and corporations are identifying and evaluating newer legaltech technology that better align to maturity and needs. eDiscovery … The post How to generate a custom shortlist of eDiscovery vendors appeared first on OpenText Blogs.
Security Affairs
DECEMBER 8, 2022
The Android app Web Explorer – Fast Internet left an open instance, exposing a trove of sensitive data that malicious actors could use to check specific users’ browsing history. Original post at [link]. A browsing app for Android devices, Web Explorer – Fast Internet, left open its Firebase instance, exposing app and user data, the Cybernews research team has discovered.
Data Breach Today
DECEMBER 7, 2022
Campaign May Originate From North Korean Group Infamous for Social Engineering Hackers, possibly North Korea's Lazarus Group, are behind a campaign that socially engineers cryptocurrency traders into opening an Excel spreadsheet loaded with a malicious macro. Pyongyang hackers specialize in cryptocurrency theft as the regime seeks hard currency to fuel weapons development.
Expert insights. Personalized for you.
326 
Let's personalize your content