Sat.Oct 15, 2022 - Fri.Oct 21, 2022

Police in Europe Arrest 31 for Hacking and Stealing Autos

Data Breach Today

Keyless Auto Theft Mounting Threat for Car Owners A European ring of auto thieves used software branded as a diagnostic tool to make fobless thefts of cars made by two French manufacturers.

Experts spotted a new undetectable PowerShell Backdoor posing as a Windows update

Security Affairs

Cybersecurity researchers warn of a new PowerShell backdoor that disguises itself as part of the Windows update process to avoid detection. Cybersecurity researchers from SafeBreach a warning of a new PowerShell backdoor masqueraded as a Windows update process to avoid detection.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Emotional Toll From Cyberattacks Can Linger Among Staff for Years

Dark Reading

Research shows 1 in 7 employees involved in a cyberattack exhibits clinical trauma symptoms months after the incident

105
105

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn

Krebs on Security

On October 10, 2022, there were 576,562 LinkedIn accounts that listed their current employer as Apple Inc. The next day, half of those profiles no longer existed.

6 Steps to More Streamlined Data Modeling

Are you a developer, database architect, or database administrator that's new to Cassandra, but been tasked with developing a plan for implementing the technology anyway? Worry no more. Discover a streamlined methodical approach to Apache Cassandra® data modeling.

Mango Markets Set to Pay $47M Bug Bounty to Hacker

Data Breach Today

96% of Voting Tokens favor Deal; Mango Markets Will Not Pursue Criminal Charges Decentralized finance exchange Mango Markets is set to pay $47 million as bug bounty to the hacker who stole $117 million in digital assets on Wednesday.

More Trending

New UEFI rootkit Black Lotus offered for sale at $5,000

Security Affairs

Black Lotus is a new, powerful Windows UEFI rootkit advertised on underground criminal forums, researcher warns. Cybersecurity researcher Scott Scheferman reported that a new Windows UEFI rootkit, dubbed Black Lotus, is advertised on underground criminal forums.

Sales 113

How Card Skimming Disproportionally Affects Those Most In Need

Krebs on Security

When people banking in the United States lose money because their payment card got skimmed at an ATM , gas pump or grocery store checkout terminal , they may face hassles or delays in recovering any lost funds, but they are almost always made whole by their financial institution.

Retail 207

Proof of Concept: California's First Consumer Privacy Fine

Data Breach Today

Retail 261

Researchers Keep a Wary Eye on Critical New Vulnerability in Apache Commons Text

Dark Reading

There's nothing yet to suggest CVE-2022-42889 is the next Log4j. But proof-of-concept code is available, and interest appears to be ticking up

109
109

Intent Signal Data 101

Intent signal data helps B2B marketers engage with buyers sooner in the sales cycle. But there are many confusing terms used to describe intent data. Read this infographic to better understand three common areas of confusion.

Palo Alto Networks fixed a high-severity auth bypass flaw in PAN-OS

Security Affairs

Palo Alto Networks addressed a high-severity authentication bypass vulnerability affecting the PAN-OS 8.1 software. Palo Alto Networks released security patches to address a high-severity authentication bypass flaw, tracked as CVE-2022-0030 (CVSS score 8.1), impacting the PAN-OS 8.1 software.

Anti-Money Laundering Service AMLBot Cleans House

Krebs on Security

AMLBot , a service that helps businesses avoid transacting with cryptocurrency wallets that have been sanctioned for cybercrime activity, said an investigation published by KrebsOnSecurity last year helped it shut down three dark web services that secretly resold its technology to help cybercrooks avoid detection by anti-money laundering systems.

After the Sullivan Verdict: A CISO's Guide to Avoiding Jail

Data Breach Today

Are You a CISO Building Your Risk Register for 2023? Read This First

Dark Reading

Achieving basic IT hygiene is 99% of the game

Risk 107

10 Rules to More Streamlined Data Modeling

Apache Kafka is a powerful piece of software that can solve a lot of problems. Like most libraries and frameworks, you get out of it what you put into it. Learn 10 rules that will help you perfect your Kafka system to get ahead.

Over 17000 Fortinet devices exposed online are very likely vulnerable to CVE-2022-40684

Security Affairs

Fortinet confirmed that many systems are still vulnerable to attacks exploiting the CVE-2022-40684 zero-day vulnerability. Fortinet is urging customers to address the recently discovered CVE-2022-40684 zero-day vulnerability.

Qatar Spyware

Schneier on Security

Everyone visiting Qatar for the World Cup needs to install spyware on their phone. Everyone travelling to Qatar during the football World Cup will be asked to download two apps called Ehteraz and Hayya.

Access 104

Hackers Threaten to Sell Stolen Medibank Data, Seek Ransom

Data Breach Today

Australian Insurance Firm 'Working Urgently' to Verify Theft Claim Australian health insurer Medibank says it received a ransomware demand from hackers asserting to have stolen data during a cybersecurity incident the company detected on Oct.

Signal to Ditch SMS/MMS Messaging on Android

Dark Reading

Main driver for the change: "Plaintext SMS messages are inherently insecure

105
105

Powering Personalization Through Customer Data

Finding the right CDP can help unlock the value of your customer data. This eBook offers guidance on choosing, deploying, and utilizing a CDP, along with a case study on how one bank put data into action to forge stronger connections with customers.

BlueBleed: Microsoft confirmed data leak exposing customers’ info

Security Affairs

Microsoft disclosed a data leak, sensitive data of some of its customers were exposed by a misconfigured Microsoft server accessible online. Microsoft announced that sensitive data belonging to some of its customers were exposed on the Internet due to a misconfigured Microsoft server.

Cloud 103

Hacking Automobile Keyless Entry Systems

Schneier on Security

Suspected members of a European car-theft ring have been arrested : The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away.

New Data Leaks Add to Australia's Data Security Reckoning

Data Breach Today

MyDeal Data Appears Online, Vinomofo Discloses Breach, Optus Fallout Continues Personal data from MyDeal, a marketplace owned by Australia's Woolworths Group grocery chain, has appeared for sale on a data leak forum.

Retail 247

Cybersecurity's Hiring Spree Requires a Recruiting Rethink

Dark Reading

Just 65 cybersecurity professionals are in the workforce for every 100 available jobs, new study shows

Modernizing Workloads with the Cloud: How to Improve Performance & Reduce Costs

In this eBook, you’ll learn how to migrate workloads to Azure and optimize performance for your serverless and containerized applications in Azure.

Japanese tech firm Oomiya hit by LockBit 3.0. Multiple supply chains potentially impacted

Security Affairs

The IT infrastructure of the Japanese tech company Oomiya was infected with the LockBit 3.0 ransomware. One of the affiliates for the LockBit 3.0 RaaS hit the Japanese tech company Oomiya. Oomiya is focused on designing and manufacturing microelectronics and facility system equipment.

How to Decrypt Ransomware Files – And What to Do When That Fails

eSecurity Planet

For any organization struck by ransomware , business leaders always ask “how do we decrypt the data ASAP, so we can get back in business?”. The good news is that ransomware files can be decrypted.

Why Are We So Stupid About Passwords? SSH and RDP Edition

Data Breach Today

Microsoft Data-Exposure Incident Highlights Risk of Cloud Storage Misconfiguration

Dark Reading

Many enterprises continue to leave cloud storage buckets exposed despite widely available documentation on how to properly secure them

Risk 103

Prioritizing Customer Experience Using SLIs & SLOs: A Case Study from The Telegraph

Service Level Indicators (SLIs) and Service Level Objectives (SLOs) are a key pillar of Site Reliability Engineering (SRE) and are the principal tool for eliminating needless alerts and focusing on what really matters to the business.

Bulgaria hit by a cyber attack originating from Russia

Security Affairs

Government institutions in Bulgaria have been hit by a cyber attack during the weekend, experts believe it was launched by Russian threat actors. The infrastructure of government institutions in Bulgaria has been hit by a massive DDoS attack.

New Phishing Attack Attempts to Steal Social Security Numbers

KnowBe4

A phishing campaign is impersonating the US Social Security Administration (SSA) in an attempt to steal Social Security numbers, according to researchers at INKY. Phishing

Iran-Linked Android Malware Makes End Run Around Antivirus

Data Breach Today

FurBall Android Malware Accesses Smartphone Contacts, Say Eset Researchers Researchers from cybersecurity firm Eset found a variant of Android stalkerware dubbed FurBall slightly modified in a semi-successful bid to evade detection.