Krebs on Security

MAY 16, 2023

A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. U.S. prosecutors say Mikhail Pavolovich Matveev , a.k.a. “ Wazawaka ” and “ Boriselcin ” worked with three different ransomware gangs that extorted hundreds of millions of dollars from companies, schools, hospitals and government agencies.

Ransomware 254

Ransomware Access Marketing Government 254

Krebs on Security

MAY 16, 2023

Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found. In response, the largest online marketplace for items seized in U.S. law enforcement investigations says it now ensures that all phones sold through its platform will be data-wiped prior to auction.

Computer and Electronics 220

Computer and Electronics Sales Paper Communications 220

Data Breach Today

MAY 17, 2023

Also, US Takes Action on Spyware; Law Firm Fined After Health Breach In the latest weekly update, ISMG editors discuss how national security concerns about popular social media app TikTok are heating up, how New York's attorney general hit a law firm with a $200,000 fine in a health data breach, and the impact of U.S. limits on advanced smartphone spyware.

Data breaches 223

Data breaches Security 223

Dark Reading

MAY 15, 2023

This Tech Tip demonstrates how security engineers can best use rate limits to mitigate distributed denial-of-service attacks.

Security 92

Security 92

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

IT

Data Breach Today

MAY 17, 2023

Malware Designed to Load Crypto-Lockers Remains Key Tool for Ransomware Groups The Royal ransomware group, which spun off from Conti in early 2022, is refining its downloader malware using tactics and techniques that appear to draw directly from other post-Conti groups, as well as working closely with trusted former associates of Conti, REvil and Hive, researchers say.

Ransomware 177

Ransomware IT 177

Data Protection Report

MAY 18, 2023

On 11 May 2023, members of the European Parliament passed their compromise text of the AI Act (the AI Act ) at the committee stage, taking this law a step closer to being finalised. The compromise text ( the Parliament Draft ), which amends the Commission’s original proposal, includes quite a large number of amendments, some of which will most likely not make the final cut following the trilogue negotiations [Footnote: The Council’s (representing the governments of the EU Member States) position

Artificial Intelligence 144

Artificial Intelligence Risk Compliance Government 144

Hunton Privacy

MAY 16, 2023

On May 16, 2023, the French Data Protection Authority (the “CNIL”) announced its action plan on artificial intelligence (the “AI Action Plan”). The AI Action Plan builds on prior work of the CNIL in the field of AI and consists of a series of activities the CNIL will undertake to support the deployment of AI systems that respect the privacy of individuals.

Artificial Intelligence 142

Artificial Intelligence Personal data Data collection Privacy 142

Data Breach Today

MAY 19, 2023

Vulnerabilities Exist in Apple-Mandated WebKit Browser Engine Apple is patching actively exploited zero-day flaws in its browser rendering engine for mobile devices, and one cybersecurity firm says the vulnerabilities are likely evidence of takeover attacks. Two of the bugs were the subject of Apple's first-ever Rapid Security Response.

Cybersecurity 269

Cybersecurity Security IT 269

The Last Watchdog

MAY 16, 2023

Attack surface expansion translates into innumerable wide-open vectors of potential unauthorized access into company networks. Related: The role of legacy security tools Yet the heaviest volume of routine, daily cyber attacks continue to target a very familiar vector: web and mobile apps. At RSA Conference 2023 , I had the chance to meet with Paul Nicholson , senior director of product marketing and analyst relations at A10 Networks.

Cloud 214

Cloud Marketing Access Security 214

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

OpenText Information Management

MAY 18, 2023

Here at OpenText, we are proud of the technology we build. The investments we make and the customer-centric approach we take to our innovations are, we believe, what makes our solutions so valuable. It is always encouraging and exciting to be acknowledged by our customers and the experts in the markets we serve. This includes … The post OpenText receives recognition from leading industry analyst firms appeared first on OpenText Blogs.

Marketing 138

Marketing Content services IT Analytics 138

Thales Cloud Protection & Licensing

MAY 17, 2023

Ransomware – Stop’em Before They Wreak Havoc madhav Thu, 05/18/2023 - 06:03 Cybercriminals have been making a run on your data with ransomware attacks over the last decade in increasing frequency. They wreak havoc by bringing critical infrastructures, supply chains, hospitals, and city services to a grinding halt. Cybersecurity Ventures predicts by 2031 ransomware will cost victims $265 billion annually, and it will affect a business, consumer, or device every 2 seconds.

Ransomware 127

Ransomware Encryption Authentication Access 127

Data Breach Today

MAY 16, 2023

Mikhail Matveev Also Faces Sanctions and $10 Million Reward for His Arrest A Russian man the U.S. government says has been a key actor in Russian ransomware hacking faces federal criminal charges, economic sanctions and a $10 million reward for information leading to his arrest. Mikhail Matveev, aka Wazawaka, was a central figure of the Babuk ransomware-as-a-service gang.

Ransomware 239

Ransomware Government 239

The Last Watchdog

MAY 18, 2023

Your go-to mobile apps aren’t nearly has hackproof as you might like to believe. Related: Fallout of T-Mobile hack Hackers of modest skill routinely bypass legacy security measures, even two-factor authentication, with techniques such as overlay attacks. And hard data shows instances of such breaches on the rise. I had an evocative conversation about this at RSA Conference 2023 with Asaf Ashkenazi , CEO of Verimatrix , a cybersecurity company headquartered in southern France.

Security 202

Security Authentication Privacy Cybersecurity 202

Advertisement

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows. By implementing Cloud Development Environments (CDEs), teams can boost efficiency, improve security, and streamline operations through centralized governance.

Cloud

Dark Reading

MAY 18, 2023

Cybercrime group that often uses smishing for initial access bypassed traditional OS targeting and evasion techniques to directly gain access to the cloud.

Cloud 141

Cloud Access 141

Schneier on Security

MAY 15, 2023

Micro-Star International—aka MSI—had its UEFI signing key stolen last month. This raises the possibility that the leaked key could push out updates that would infect a computer’s most nether regions without triggering a warning. To make matters worse, Matrosov said, MSI doesn’t have an automated patching process the way Dell, HP, and many larger hardware makers do.

IT 123

IT Ransomware 123

Data Breach Today

MAY 17, 2023

Case is FTC's 2nd Enforcement of Health Data Breach Notification Rule The Federal Trade Commission has barred the developer of fertility tracking app Premom from sharing users' personal health data with third parties for advertising purposes and has fined the vendor $100,000 for alleged violations of the agency's Health Data Breach Notification Rule.

Data breaches 232

Data breaches IT 232

The Last Watchdog

MAY 17, 2023

Could cybersecurity someday soon be implemented as a business enabler, instead of continuing to be viewed as an onerous business expense? Related: Security sea-change wrought by ‘CMMC’ This would fit nicely with the ‘ stronger together ’ theme heralded at RSA Conference 2023. WithSecure is one cybersecurity vendor that is certainly on this path.

Cybersecurity 199

Cybersecurity Security Marketing IT 199

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

Data Privacy

Dark Reading

MAY 18, 2023

A newly discovered bug in the open source password manager, if exploited, lets attackers retrieve a target's master password — and proof-of-concept code is available.

Passwords 127

Passwords 127

Schneier on Security

MAY 17, 2023

Microsoft is currently patching a zero-day Secure-Boot bug. The BlackLotus bootkit is the first-known real-world malware that can bypass Secure Boot protections, allowing for the execution of malicious code before your PC begins loading Windows and its many security protections. Secure Boot has been enabled by default for over a decade on most Windows PCs sold by companies like Dell, Lenovo, HP, Acer, and others.

Security 119

Security Access IT 119

Data Breach Today

MAY 18, 2023

Experts Highlight the Importance of Preparation, Partnerships, Resilience Fifteen months after Russia intensified its illegal invasion of Ukraine, experts say top cyber defense lessons policymakers and defenders should apply include focusing on resilience. Building for resilience acknowledges the inevitability of ongoing attacks.

IT 227

IT 227

The Last Watchdog

MAY 19, 2023

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts. Related: The Golden Age of cyber espionage Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated their capability to endlessly take advantage of a vastly expanded network attack surface – one that will only continue to expand as the shift to massively interconnected digital services accelerates.

Ransomware 124

Ransomware Security IT 124

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity

Dark Reading

MAY 16, 2023

Cyberattckers can easily exploit a command-injection bug in the popular device, but Belkin has no plans to address the security vulnerability.

Security 132

Security 132

Data Matters

MAY 19, 2023

On 29 March 2023, the UK’s Department for Science Innovation and Technology (“ DSIT ”) published its long awaited White Paper on its “pro-innovation approach to AI regulation” (the “ White Paper ”), along with a corresponding impact assessment. The White Paper builds on the “proportionate, light touch and forward-looking” approach to AI regulation set out in the policy paper published in July 2022.

Paper 94

Paper Privacy IT 94

Data Breach Today

MAY 16, 2023

Proposed Class Actions - All Filed in Same Georgia Court - Allege Negligence Cloud-based electronic health records vendor NextGen Healthcare is so far facing a dozen proposed class action lawsuits filed in the last week in the same Georgia federal court following the company's disclosure this month of a data breach affecting 1 million individuals.

Data breaches 220

Data breaches Cloud 220

Schneier on Security

MAY 14, 2023

This is a current list of where and when I am scheduled to speak: I’m speaking at IT-S Now 2023 in Vienna, Austria, on June 2, 2023 at 8:30 AM CEST. The list is maintained on this page.

IT 105

IT 105

Speaker: Christophe Louvion, Chief Product & Technology Officer of NRC Health and Tony Karrer, CTO at Aggregage

Christophe Louvion, Chief Product & Technology Officer of NRC Health, is here to take us through how he guided his company's recent experience of getting from concept to launch and sales of products within 90 days. In this exclusive webinar, Christophe will cover key aspects of his journey, including: LLM Development & Quick Wins 🤖 Understand how LLMs differ from traditional software, identifying opportunities for rapid development and deployment.

Sales

Dark Reading

MAY 18, 2023

Plug X and other information-stealing remote-access Trojans are among the malware targeting networking, manufacturing, and logistics companies in Taiwan.

Phishing 119

Phishing Manufacturing Access 119

eSecurity Planet

MAY 19, 2023

Application security tools and software solutions are designed to identify and mitigate vulnerabilities and threats in software applications. Their main purpose is to protect applications from unauthorized access, data breaches, and malicious attacks. These tools play a vital role in ensuring the security, integrity, and confidentiality of sensitive information, such as personal data and financial records.

Security 104

Security Cloud Compliance Risk 104

Data Breach Today

MAY 18, 2023

Also: Ledger Faces Backlash on Seed Phrase Recovery Solution In the days between May 11 and May 18, the Uranium Finance hacker laundered more stolen funds, LayerZero launched a $15 million bug bounty program, the European Union adopted comprehensive cryptocurrency legislation, and Ledger faced backlash on its seed phrase recovery solution.

IT 213

IT 213