Sat.Jan 14, 2023 - Fri.Jan 20, 2023

article thumbnail

The FBI Identified a Tor User

Schneier on Security

No details , though: According to the complaint against him, Al-Azhari allegedly visited a dark web site that hosts “unofficial propaganda and photographs related to ISIS” multiple times on May 14, 2019.

Military 108
article thumbnail

New T-Mobile Breach Affects 37 Million Accounts

Krebs on Security

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years.

Security 228
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Profit at Any Cost: Why Ransomware Gangs Such as LockBit Lie

Data Breach Today

And They’ll Continue to Do So Until Authorities Better Disrupt Them - But How? Pity the overworked ransomware gang - say, LockBit - that just "discovered" one of its affiliates hit Britain's postal service.

article thumbnail

GUEST ESSAY: How I started a company to supply democratized pentests to immunize websites

The Last Watchdog

My name is Eden Zaraf. I’ve been driven by my passion for technology for as long as I can remember. Somewhere around the age of 13, I learned to code. I developed scripts, websites and got involved in security which led me to penetration testing. Related: Leveraging employees as detectors. Penetration Testing is a never-ending challenge. Five years ago, my friend Sahar Avitan began developing an automatic penetration testing tool for our own use.

Phishing 163
article thumbnail

Subsurface: The Ultimate Data Lakehouse Conference

Speaker: Panel Speakers

We’ve just opened registration for Subsurface LIVE 2023! Learn how to innovate with open source technologies such as Apache Arrow, Delta Lake, and more. Register now to secure your spot at Subsurface LIVE being held March 1-2, 2023.

article thumbnail

NEW TECH: DigiCert unveils ‘Trust Lifecyle Manager’ to centralize control of digital certificates

The Last Watchdog

To get network protection where it needs to be, legacy cybersecurity vendors have begun reconstituting traditional security toolsets. The overarching goal is to try to derive a superset of very dynamic, much more tightly integrated security platforms that we’ll very much need, going forward. Related: The rise of security platforms.

More Trending

article thumbnail

T-Mobile Says Hackers Stole Data of 37 Million Customers

Data Breach Today

Unauthorized Party Obtained Access to Company API for Approximately 6 Weeks T-Mobile disclosed Thursday that hackers had access for approximately 6 weeks to an application programming interface that exposed customer data including names, dates of birth and email addresses.

article thumbnail

Critical Manufacturing Sector in the Bull's-eye

Dark Reading

Serious security flaws go unpatched, and ransomware attacks increase against manufacturers

article thumbnail

Spy Cams Reveal the Grim Reality of Slaughterhouse Gas Chambers

WIRED Threat Level

Animal rights activists have captured the first hidden-camera video from inside a carbon dioxide “stunning chamber” in a US meatpacking plant. Security Security / Privacy Security / Security News

Privacy 113
article thumbnail

Blank-Image Attacks Impersonate DocuSign

KnowBe4

An unusual phishing technique has surfaced this week. Avanan, a Check Point Software company, released a blog Thursday morning detailing a new attack in which hackers hide malicious content inside a blank image within an HTML attachment in phishing emails claiming to be from DocuSign.

Phishing 104
article thumbnail

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

article thumbnail

Ransomware Attack Affects 1,000 Vessels Worldwide

Data Breach Today

Norway's DNV Shuts Down IT Servers, Investigates Attack A maker of software used to manage shipping vessel operations says it has shut down its servers after detecting a ransomware attack.

article thumbnail

EmojiDeploy Attack Chain Targets Misconfigured Azure Service

Dark Reading

Multiple misconfigurations in a service that underpins many Azure features could have allowed an attacker to remotely compromise a cloud user's system

Cloud 114
article thumbnail

AI and Political Lobbying

Schneier on Security

Launched just weeks ago, ChatGPT is already threatening to upend how we draft everyday communications like emails , college essays and myriad other forms of writing.

article thumbnail

The Small but Mighty Danger of Echo Chamber Extremism

WIRED Threat Level

Research shows that relatively few people exist in perfectly sealed-off media bubbles—but they’re still having an outsize impact on US politics. Security Security / National Security Security / Security News Business / National Affairs

article thumbnail

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

article thumbnail

Ransomware Picture: Volume of Known Attacks Remains Constant

Data Breach Today

Massive Profit Potential and Robust Initial Access Market Keep Fueling Ecosystem Ransomware syndicates continue to earn massive profits for criminals while disrupting victims' operations worldwide.

article thumbnail

PayPal Breach Exposed PII of Nearly 35K Accounts

Dark Reading

The credential-stuffing attack, likely fueled by password reuse, yielded personal identifiable information that can be used to verify the authenticity of previously stolen data

article thumbnail

Security Analysis of Threema

Schneier on Security

A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers.

article thumbnail

ChatGPT’s Dark Side: An Endless Supply of Polymorphic Malware

eSecurity Planet

CyberArk researchers are warning that OpenAI’s popular new AI tool ChatGPT can be used to create polymorphic malware.

IT 94
article thumbnail

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

article thumbnail

Rapid7 CEO Corey Thomas on Targeting Phishing Infrastructure

Data Breach Today

Thomas Shares How the IntSights Acquisition Made Threat Intelligence Actionable The IntSights deal has allowed Rapid7 to offer more visibility into the threat landscape and target the phishing infrastructure used by hackers.

Phishing 188
article thumbnail

Attackers Crafted Custom Malware for Fortinet Zero-Day

Dark Reading

The "BoldMove" backdoor demonstrates a high level of knowledge of FortiOS, according to Mandiant researchers, who said the attacker appears to be based out of China

114
114
article thumbnail

Real-World Steganography

Schneier on Security

From an article about Zheng Xiaoqing, an American convicted of spying for China: According to a Department of Justice (DOJ) indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself.

article thumbnail

Cybersecurity in the Metaverse Will Require New Approaches

eSecurity Planet

Despite challenges faced by Meta and others, there remains optimism for the metaverse. The PwC 2022 U.S. Business and Consumer Metaverse Survey highlights this. The survey, which included over 5,000 consumers and 1,000 U.S.

article thumbnail

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

article thumbnail

Hostile Takeover: Kraken Hacks Rival Darknet Market Solaris

Data Breach Today

Since Hydra Market Got Shuttered by Police, Russian Rivals Battle for Market Share Competition between rival Russian-language darknet markets remains fierce since police shuttered Hydra last year. The latest to fall dark is Solaris, which controlled an estimated 25% of the darknet drug trade.

Marketing 169
article thumbnail

Compromised Zendesk Employee Credentials Lead to Breach

Dark Reading

Zendesk has alerted customers to a successful SMS phishing campaign that has exposed "service data," but details remain scarce

Phishing 112
article thumbnail

Russian Ransomware Gang Attack Destabilizes UK Royal Mail

WIRED Threat Level

Plus: Joe Biden’s classified-documents scandal, the end of security support for Windows 7, and more. Security Security / Cyberattacks and Hacks Security / National Security Security / Privacy Security / Security News

article thumbnail

[Eye Popper] Ransomware Victims Refused To Pay Last Year

KnowBe4

Finally some good news from the ransomware front! Despite bad actors launching a number of ransomware campaigns throughout 2022, organizations refused to submit and paid criminals an estimated $456.8 million - 40% less than the astounding total of $765 million in ransom payments from 2020 and 2021.

article thumbnail

7 Ways to Supercharge Your ABM Strategy with Real-Time Intent

Streaming real-time intent is a homerun for marketing and sales’ account-based marketing (ABM) strategies. With real-time buyer insights, you can be first-in-line to provide solutions and lead better, hyper-personalized conversations.

article thumbnail

ISMG Editors: Why Is LockBit Ransomware Group So Prolific?

Data Breach Today

Also: Netskope's SASE Vision; The Compassionate CISO In the latest weekly update, ISMG editors discuss why being a CISO is like being the first family doctor in a small village, why you can't trust ransomware gangs such as LockBit, and why cloud security vendor Netskope took on $401 million in debt from Morgan Stanley to fuel its SASE offering.

article thumbnail

ChatGPT Could Create Polymorphic Malware Wave, Researchers Warn

Dark Reading

The powerful AI bot can produce malware without malicious code, making it tough to mitigate

IT 114
article thumbnail

All the Data Apple Collects About You—and How to Limit It

WIRED Threat Level

Cupertino puts privacy first in a lot of its products. But the company still gathers a bunch of your information. Security Security / Privacy