Sat.May 13, 2023 - Fri.May 19, 2023

article thumbnail

Russian Hacker “Wazawaka” Indicted for Ransomware

Krebs on Security

A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. U.S. prosecutors say Mikhail Pavolovich Matveev , a.k.a. “ Wazawaka ” and “ Boriselcin ” worked with three different ransomware gangs that extorted hundreds of millions of dollars from companies, schools, hospitals and government agencies.

article thumbnail

Re-Victimization from Police-Auctioned Cell Phones

Krebs on Security

Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found. In response, the largest online marketplace for items seized in U.S. law enforcement investigations says it now ensures that all phones sold through its platform will be data-wiped prior to auction.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

ISMG Editors: Is TikTok a Ticking Time Bomb?

Data Breach Today

Also, US Takes Action on Spyware; Law Firm Fined After Health Breach In the latest weekly update, ISMG editors discuss how national security concerns about popular social media app TikTok are heating up, how New York's attorney general hit a law firm with a $200,000 fine in a health data breach, and the impact of U.S. limits on advanced smartphone spyware.

article thumbnail

Breaking the DDoS Attack Loop With Rate Limiting

Dark Reading

This Tech Tip demonstrates how security engineers can best use rate limits to mitigate distributed denial-of-service attacks.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Royal Ransomware Group Builds Its Own Malware Loader

Data Breach Today

Malware Designed to Load Crypto-Lockers Remains Key Tool for Ransomware Groups The Royal ransomware group, which spun off from Conti in early 2022, is refining its downloader malware using tactics and techniques that appear to draw directly from other post-Conti groups, as well as working closely with trusted former associates of Conti, REvil and Hive, researchers say.

More Trending

article thumbnail

The AI Act – A step closer to the first law on Artificial Intelligence

Data Protection Report

On 11 May 2023, members of the European Parliament passed their compromise text of the AI Act (the AI Act ) at the committee stage, taking this law a step closer to being finalised. The compromise text ( the Parliament Draft ), which amends the Commission’s original proposal, includes quite a large number of amendments, some of which will most likely not make the final cut following the trilogue negotiations [Footnote: The Council’s (representing the governments of the EU Member States) position

article thumbnail

CNIL Publishes Action Plan on AI

Hunton Privacy

On May 16, 2023, the French Data Protection Authority (the “CNIL”) announced its action plan on artificial intelligence (the “AI Action Plan”). The AI Action Plan builds on prior work of the CNIL in the field of AI and consists of a series of activities the CNIL will undertake to support the deployment of AI systems that respect the privacy of individuals.

article thumbnail

Apple Fixes 3 Zero-Days Exploited in the Wild

Data Breach Today

Vulnerabilities Exist in Apple-Mandated WebKit Browser Engine Apple is patching actively exploited zero-day flaws in its browser rendering engine for mobile devices, and one cybersecurity firm says the vulnerabilities are likely evidence of takeover attacks. Two of the bugs were the subject of Apple's first-ever Rapid Security Response.

article thumbnail

RSAC Fireside Chat: How a well-placed ‘NGWAF’ can staunch the flow of web, mobile app attacks

The Last Watchdog

Attack surface expansion translates into innumerable wide-open vectors of potential unauthorized access into company networks. Related: The role of legacy security tools Yet the heaviest volume of routine, daily cyber attacks continue to target a very familiar vector: web and mobile apps. At RSA Conference 2023 , I had the chance to meet with Paul Nicholson , senior director of product marketing and analyst relations at A10 Networks.

Cloud 214
article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

OpenText receives recognition from leading industry analyst firms

OpenText Information Management

Here at OpenText, we are proud of the technology we build. The investments we make and the customer-centric approach we take to our innovations are, we believe, what makes our solutions so valuable. It is always encouraging and exciting to be acknowledged by our customers and the experts in the markets we serve. This includes … The post OpenText receives recognition from leading industry analyst firms appeared first on OpenText Blogs.

Marketing 138
article thumbnail

Microsoft Azure VMs Hijacked in Cloud Cyberattack

Dark Reading

Cybercrime group that often uses smishing for initial access bypassed traditional OS targeting and evasion techniques to directly gain access to the cloud.

Cloud 141
article thumbnail

FTC Fines Fertility App Vendor, Bars It From Data-Sharing

Data Breach Today

Case is FTC's 2nd Enforcement of Health Data Breach Notification Rule The Federal Trade Commission has barred the developer of fertility tracking app Premom from sharing users' personal health data with third parties for advertising purposes and has fined the vendor $100,000 for alleged violations of the agency's Health Data Breach Notification Rule.

article thumbnail

RSAC Fireside Chat: Deploying Hollywood-tested content protection to improve mobile app security

The Last Watchdog

Your go-to mobile apps aren’t nearly has hackproof as you might like to believe. Related: Fallout of T-Mobile hack Hackers of modest skill routinely bypass legacy security measures, even two-factor authentication, with techniques such as overlay attacks. And hard data shows instances of such breaches on the rise. I had an evocative conversation about this at RSA Conference 2023 with Asaf Ashkenazi , CEO of Verimatrix , a cybersecurity company headquartered in southern France.

Security 202
article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Ransomware – Stop’em Before They Wreak Havoc

Thales Cloud Protection & Licensing

Ransomware – Stop’em Before They Wreak Havoc madhav Thu, 05/18/2023 - 06:03 Cybercriminals have been making a run on your data with ransomware attacks over the last decade in increasing frequency. They wreak havoc by bringing critical infrastructures, supply chains, hospitals, and city services to a grinding halt. Cybersecurity Ventures predicts by 2031 ransomware will cost victims $265 billion annually, and it will affect a business, consumer, or device every 2 seconds.

article thumbnail

KeePass Vulnerability Imperils Master Passwords

Dark Reading

A newly discovered bug in the open source password manager, if exploited, lets attackers retrieve a target's master password — and proof-of-concept code is available.

Passwords 127
article thumbnail

Ukraine's Cyber Defense Success: Top Takeaways

Data Breach Today

Experts Highlight the Importance of Preparation, Partnerships, Resilience Fifteen months after Russia intensified its illegal invasion of Ukraine, experts say top cyber defense lessons policymakers and defenders should apply include focusing on resilience. Building for resilience acknowledges the inevitability of ongoing attacks.

IT 287
article thumbnail

RSAC Fireside Chat: Achieving ‘outcome-based security’ by blending cybersecurity, business goals

The Last Watchdog

Could cybersecurity someday soon be implemented as a business enabler, instead of continuing to be viewed as an onerous business expense? Related: Security sea-change wrought by ‘CMMC’ This would fit nicely with the ‘ stronger together ’ theme heralded at RSA Conference 2023. WithSecure is one cybersecurity vendor that is certainly on this path.

article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

UK Sets Out It’s “Pro-Innovation” Approach To AI Regulation

Data Matters

On 29 March 2023, the UK’s Department for Science Innovation and Technology (“ DSIT ”) published its long awaited White Paper on its “pro-innovation approach to AI regulation” (the “ White Paper ”), along with a corresponding impact assessment. The White Paper builds on the “proportionate, light touch and forward-looking” approach to AI regulation set out in the policy paper published in July 2022.

Paper 97
article thumbnail

Unpatched Wemo Smart Plug Bug Opens Countless Networks to Cyberattacks

Dark Reading

Cyberattckers can easily exploit a command-injection bug in the popular device, but Belkin has no plans to address the security vulnerability.

Security 132
article thumbnail

Info-Stealing Malware Populates 'Cloud of Logs' Offerings

Data Breach Today

Private Subscription Services Emerge, Together With Fresh Strains of Info Stealers Cybercrime watchers continue to see prolific use of information-stealing malware such as Raccoon and Vidar, which are being used to populate stolen digital identity listings at markets such as Genesis, RussianMarket and TwoEasy, as well as via Telegram channels offering "clouds of logs.

Cloud 273
article thumbnail

RSAC Fireside Chat: Upgrading containment to counter Putin’s weaponizing of ransomware

The Last Watchdog

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts. Related: The Golden Age of cyber espionage Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated their capability to endlessly take advantage of a vastly expanded network attack surface – one that will only continue to expand as the shift to massively interconnected digital services accelerates.

article thumbnail

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

article thumbnail

New Rule for Digitizing Records: What you need to know

National Archives Records Express

Welcome to the first in a series of blog posts on the new rule for digitizing federal records. As we mentioned in a previous post , the National Archives and Records Administration (NARA) recently published the final rule for digitizing permanent federal records. This new rule, known as 36 CFR § 1236 Subpart E, will be effective starting June 5, 2023.

article thumbnail

Trojan-Rigged Phishing Attacks Pepper China-Taiwan Conflict

Dark Reading

Plug X and other information-stealing remote-access Trojans are among the malware targeting networking, manufacturing, and logistics companies in Taiwan.

Phishing 119
article thumbnail

Cryptohack Roundup: Uranium Finance, LayerZero, MiCA

Data Breach Today

Also: Ledger Faces Backlash on Seed Phrase Recovery Solution In the days between May 11 and May 18, the Uranium Finance hacker laundered more stolen funds, LayerZero launched a $15 million bug bounty program, the European Union adopted comprehensive cryptocurrency legislation, and Ledger faced backlash on its seed phrase recovery solution.

IT 268
article thumbnail

First look: Rapid Security Response contents

Jamf

With the release of macOS Ventura 13.4, iOS 16.5 and iPadOS 16.5, Apple is showing us for the first time how they plan to document the CVEs that were addressed with prior Rapid Security Responses.

article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

eDiscovery is not just for litigation anymore  

OpenText Information Management

Organizations are facing an evolving legal and regulatory landscape involving everything from complying with stringent data privacy laws to combating sophisticated cyber threats that force organizations to prepare for when – not if – an incident or data breach will occur. To minimize these new and emerging risks, legal professionals do not have to look … The post eDiscovery is not just for litigation anymore appeared first on OpenText Blogs.

article thumbnail

Attackers Target macOS With 'Geacon' Cobalt Strike Tool

Dark Reading

Threat actors seen using Go-language implementation of the red-teaming tool on Intel and Apple silicon-based macOS systems.

126
126
article thumbnail

Alleged Babuk Ransomware Hacker 'Wazawaka' Indicted in US

Data Breach Today

Mikhail Matveev Also Faces Sanctions and $10 Million Reward for His Arrest A Russian man the U.S. government says has been a key actor in Russian ransomware hacking faces federal criminal charges, economic sanctions and a $10 million reward for information leading to his arrest. Mikhail Matveev, aka Wazawaka, was a central figure of the Babuk ransomware-as-a-service gang.