Sat.Feb 25, 2023 - Fri.Mar 03, 2023

article thumbnail

When Low-Tech Hacks Cause High-Impact Breaches

Krebs on Security

Web hosting giant GoDaddy made headlines this month when it disclosed that a multi-year breach allowed intruders to steal company source code, siphon customer and employee login credentials, and foist malware on customer websites. Media coverage understandably focused on GoDaddy’s admission that it suffered three different cyberattacks over as many years at the hands of the same hacking group.

Phishing 264
article thumbnail

GUEST ESSAY: The case for complying with ISO 27001 — the gold standard of security frameworks

The Last Watchdog

Of the numerous security frameworks available to help companies protect against cyber-threats, many consider ISO 27001 to be the gold standard. Related: The demand for ‘digital trust’ Organizations rely on ISO 27001 to guide risk management and customer data protection efforts against growing cyber threats that are inflicting record damage , with the average cyber incident now costing $266,000 and as much as $52 million for the top 5% of incidents.

Security 203
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

CISOs Share Their 3 Top Challenges for Cybersecurity Management

Dark Reading

The biggest dilemmas in running a modern cybersecurity team are not all about software, said CISOs from HSBC, Citi, and Sepio.

article thumbnail

Business Email Compromise Gang Gets Jail Time for Stealing Millions

KnowBe4

An international cybercriminal operation responsible for millions of dollars in business email compromise (BEC) scams has finally been dismantled.

92
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Closing the Gap in Threat Visibility

Data Breach Today

The Technologies You Need to See Into Those Dark Corners A lack of visibility makes it nearly impossible to protect an organization against attack. If you can't see what's lurking in the dark corners of your environment, all you can do is react instead of actively identifying and mitigating risks. But some technologies can help with threat visibility.

Risk 246

More Trending

article thumbnail

Attackers Were on Network for 2 Years, News Corp Says

Dark Reading

The publisher of the Wall Street Journal, New York Post, and several other publications had last year disclosed a breach it said was the work of a state-backed actor likely working for China.

IT 126
article thumbnail

[Eye Opener] Businessweek: The Satellite Hack Everyone Is Finally Talking About

KnowBe4

This morning, Bloomberg News pointed at a brand new article at BusinessWeek, one of their media properties. This is an excellent article that exposes the vulnerabilities when communications systems are designed without built-in security from the get-go. It is an excellent wake-up call for your C-level execs and powerful budget ammo.

article thumbnail

CISA Warns That Royal Ransomware Is Picking Up Steam

Data Breach Today

US Agency Says Royal Ransomware Group Is Made Up of Experienced Threat Actors The Royal ransomware group targeting critical infrastructure in the United States and other countries is made up of experienced ransomware attackers and has strong similarities to Conti, the infamous Russia-linked hacking group, according to a new alert issued by U.S. authorities.

article thumbnail

White House Releases National Cybersecurity Strategy

Hunton Privacy

On March 2, 2023, the Biden-Harris Administration announced the release of the National Cybersecurity Strategy. The National Cybersecurity Strategy focuses on five pillars: Defend critical infrastructure , including by (i) establishing cybersecurity regulations to secure critical infrastructure, (ii) strengthening public-private sector collaboration, (iii) integrating federal cybersecurity centers, (iv) updating federal incident response plans and processes, and (v) modernizing federal systems i

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Cloud is changing the way supply chains operate

OpenText Information Management

Cloud computing has gone mainstream in today’s organizations, and many are adopting a cloud-first IT strategy. While enterprises still direct significant amounts of money towards on-premises—or off-cloud—software, that spend is decreasing while the pace of cloud adoption remains high. To elaborate on the speed, scale and diversity of the cloud market, according to Gartner, worldwide … The post Cloud is changing the way supply chains operate appeared first on OpenText Blogs.

Cloud 107
article thumbnail

Cyber Essentials is Updating its Technical Requirements

IT Governance

The NCSC (National Cyber Security Centre) has announced a major update to the technical controls of Cyber Essentials. The changes, which are based on feedback from assessors and applicants, will alter the way organisations are expected to protect and manage various forms of hardware and software. It’s part of a regular review of the scheme, conducted in consultation with technical experts from the NCSC, and follows a major overhaul last year.

IT 106
article thumbnail

Irish Authorities Levy GDPR Fine in Centric Health Breach

Data Breach Today

2019 Ransomware Breach Affected 70,000 Patients, Destroyed Records of 2,500 of Them Irish authorities have fined a healthcare organization 460,000 euros - about $490,000 - for a 2019 Calum ransomware breach that compromised sensitive information of 70,000 patients, including the permanent deletion of data for about 2,500 of them.

GDPR 267
article thumbnail

ChatGPT’s evil sibling? Meet DAN.

Jamf

Based on OpenAI’s ChatGPT, DAN is the jailbroken version of the advanced chatbot technology that operates free from policy constraints…but is this a good thing for the advancement of AI technology or does it further complicate matters relating to mainstream adaptability in our everyday world?

IT 105
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

Revised Colorado Privacy Act Rules Adopted for Review by Colorado AG

Hunton Privacy

On February 28, 2023, the Colorado Office of the Attorney General announced that revised draft Colorado Privacy Act (“CPA”) rules were adopted for review by the Colorado Attorney General prior to finalization and publication in the Colorado Register. The revised rules are not final, and, as drafted, will take effect on July 1, 2023. The revised draft rules follow prior drafts dated October 10, 2022 , December 21, 2022 , and January 27, 2023.

Privacy 104
article thumbnail

How the Ukraine War Opened a Fault Line in Cybercrime, Possibly Forever

Dark Reading

Infighting, conscription, emigration. The war in Ukraine has pitted cybercriminals against one another like no other event before it.

IT 120
article thumbnail

White House Unveils Biden's National Cybersecurity Strategy

Data Breach Today

Focus Includes Critical Infrastructure Security, Secure Software Development The Biden administration has unveiled its new national cybersecurity strategy, detailing top challenges facing the U.S. and plans for addressing them. Goals include minimum security requirements for critical infrastructure sector organizations, and liability for poor software development practices.

article thumbnail

NameCheap’s SendGrid Email Account Compromised, Used to Send Phishing Emails

KnowBe4

Since phishing attacks need legitimacy to increase their deliverability, this latest twist shows how phishing scammers and hackers are working together to ensure phishing attacks continue.

Phishing 102
article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

Trusted Platform Module (TPM) 2.0 flaws could impact billions of devices

Security Affairs

Two vulnerabilities affecting the Trusted Platform Module ( TPM ) 2.0 library could potentially lead to information disclosure or privilege escalation. The Trusted Computing Group (TCG) is warning of two vulnerabilities affecting the implementations of the Trusted Platform Module ( TPM ) 2.0 that could potentially lead to information disclosure or privilege escalation.

IoT 98
article thumbnail

LastPass DevOps Engineer Targeted for Cloud Decryption Keys in Latest Breach Revelation

Dark Reading

The adversaries obtained a decryption key to a LastPass database containing multifactor authentication and federation information as well as customer vault data, company says.

Cloud 101
article thumbnail

Attackers Hacked into LastPass Via Employee's Home Computer

Data Breach Today

Attackers Exploited Vulnerability in Third-Party Software for Access The situation at LastPass keeps getting worse: the company says hackers implanted keylogger software on a DevOps employee's home computer to obtain access to the corporate vault. Customer vault data can be decrypted only with the end user master password, which LastPass doesn't store.

Passwords 251
article thumbnail

Thousands of NPM Packages Used to Spread Phishing Links

KnowBe4

Researchers at Checkmarx warn that attackers uploaded more than 15,000 packages to NPM, the open-source repository for JavaScript packages, to distribute phishing links. The packages themselves weren’t malicious, but they contained README text files with links to phishing sites.

article thumbnail

The Big Payoff of Application Analytics

Outdated or absent analytics won’t cut it in today’s data-driven applications – not for your end users, your development team, or your business. That’s what drove the five companies in this e-book to change their approach to analytics. Download this e-book to learn about the unique problems each company faced and how they achieved huge returns beyond expectation by embedding analytics into applications.

article thumbnail

Challenges With Collaboration Data And The Ediscovery Process

Hanzo Learning Center

Tools like Slack and Microsoft Teams were on the rise before the global pandemic; now, they’ve become integral for employee communication at large enterprises, whether they’re in the office, working from home, or a hybrid.

article thumbnail

CISA: ZK Java Framework RCE Flaw Under Active Exploit

Dark Reading

The flaw, which drew attention in October when it was found in ConnectWise products, could pose a significant risk to the supply chain if not patched immediately.

Risk 106
article thumbnail

What Happens When Cybersecurity Unicorns Lose Their Horns?

Data Breach Today

Noname Security Is Reportedly Up for Sale But Will Have to Shed Its Unicorn Status In the 21-month stretch from October 2020 to June 2022, a whopping 48 cybersecurity startups received 10-figure valuations as investors evaluated prospects on potential rather than performance. Now that the financial boom has gone bust, what happens to these unicorns from a different economic era?

article thumbnail

Biden Cybersecurity Strategy: Big Ambitions, Big Obstacles

eSecurity Planet

The White House’s National Cybersecurity Strategy unveiled yesterday is an ambitious blueprint for improving U.S. cybersecurity and threat response, but some of the more ambitious items will take time to implement, and could face opposition from Congress. President Biden came into office around the time of the SolarWinds and Colonial Pipeline cyber attacks, so cybersecurity has been a major focus of the Administration from the beginning.

article thumbnail

A Tale of Two Case Studies: Using LLMs in Production

Speaker: Tony Karrer, Ryan Barker, Grant Wiles, Zach Asman, & Mark Pace

Join our exclusive webinar with top industry visionaries, where we'll explore the latest innovations in Artificial Intelligence and the incredible potential of LLMs. We'll walk through two compelling case studies that showcase how AI is reimagining industries and revolutionizing the way we interact with technology. Some takeaways include: How to test and evaluate results 📊 Why confidence scoring matters 🔐 How to assess cost and quality 🤖 Cross-platform cost vs. quality tr

article thumbnail

BlackLotus is the first bootkit bypassing UEFI Secure Boot on Windows 11

Security Affairs

ESET discovered a stealthy Unified Extensible Firmware Interface (UEFI) bootkit dubbed BlackLotus that is able to bypass the Secure Boot on Windows 11. Researchers from ESET discovered a new stealthy Unified Extensible Firmware Interface ( UEFI ) bootkit, named BlackLotus , that is able to bypass Secure Boot on Windows 11. Secure Boot is a security feature of the latest Unified Extensible Firmware Interface (UEFI) 2.3.1 designed to detect tampering with boot loaders, key operating system files,

article thumbnail

Exfiltrator-22: The Newest Post-Exploitation Toolkit Nipping at Cobalt Strike's Heels

Dark Reading

The framework-as-a-service signals an intensification of the cat-and-mouse game between defenders detecting lateral movement, and cybercriminals looking to go unnoticed.

101
101
article thumbnail

Chinese APT Group Deploying New Malware Backdoor

Data Breach Today

Mustang Panda Using MQsTTang Tool to Target Victims in Asia and Europe, Eset Finds Chinese APT group Mustang Panda is deploying a previously unseen malware backdoor dubbed MQsTTang as part of a spear-phishing campaign targeting governmental organizations, specifically in Ukraine and Taiwan, security firm Eset says. The malware is currently being spread as RAR files, it adds.

Phishing 236