Krebs on Security

MAY 16, 2023

A Russian man identified by KrebsOnSecurity in January 2022 as a prolific and vocal member of several top ransomware groups was the subject of two indictments unsealed by the Justice Department today. U.S. prosecutors say Mikhail Pavolovich Matveev , a.k.a. “ Wazawaka ” and “ Boriselcin ” worked with three different ransomware gangs that extorted hundreds of millions of dollars from companies, schools, hospitals and government agencies.

Ransomware 261

Ransomware Security Access Government 261

Krebs on Security

MAY 16, 2023

Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found. In response, the largest online marketplace for items seized in U.S. law enforcement investigations says it now ensures that all phones sold through its platform will be data-wiped prior to auction.

Computer and Electronics 222

Computer and Electronics Paper Access Sales 222

Data Breach Today

MAY 17, 2023

Also, US Takes Action on Spyware; Law Firm Fined After Health Breach In the latest weekly update, ISMG editors discuss how national security concerns about popular social media app TikTok are heating up, how New York's attorney general hit a law firm with a $200,000 fine in a health data breach, and the impact of U.S. limits on advanced smartphone spyware.

Data breaches 245

Data breaches Security 245

Dark Reading

MAY 15, 2023

This Tech Tip demonstrates how security engineers can best use rate limits to mitigate distributed denial-of-service attacks.

Security 105

Security 105

Advertisement

At the beginning of 2023, concern grew over pixels and trackers, which load into the browser as a part of the software supply chain, being used by data harvesting platforms to collect user data. The data is then transferred to the servers of the companies owning the pixels/trackers as a part of their advertising and marketing business. Aggressive data harvesting practices increase the likelihood and/or actual transfer of sensitive data, which may cause unintended consequences, including expensiv

Security

Data Breach Today

MAY 17, 2023

Malware Designed to Load Crypto-Lockers Remains Key Tool for Ransomware Groups The Royal ransomware group, which spun off from Conti in early 2022, is refining its downloader malware using tactics and techniques that appear to draw directly from other post-Conti groups, as well as working closely with trusted former associates of Conti, REvil and Hive, researchers say.

Ransomware 195

Ransomware IT 195

Data Protection Report

MAY 18, 2023

On 11 May 2023, members of the European Parliament passed their compromise text of the AI Act (the AI Act ) at the committee stage, taking this law a step closer to being finalised. The compromise text ( the Parliament Draft ), which amends the Commission’s original proposal, includes quite a large number of amendments, some of which will most likely not make the final cut following the trilogue negotiations [Footnote: The Council’s (representing the governments of the EU Member States) position

Artificial Intelligence 144

Artificial Intelligence Risk Privacy Compliance 144

Dark Reading

MAY 18, 2023

A newly discovered bug in the open source password manager, if exploited, lets attackers retrieve a target's master password — and proof-of-concept code is available.

Passwords 144

Passwords 144

Data Breach Today

MAY 19, 2023

Vulnerabilities Exist in Apple-Mandated WebKit Browser Engine Apple is patching actively exploited zero-day flaws in its browser rendering engine for mobile devices, and one cybersecurity firm says the vulnerabilities are likely evidence of takeover attacks. Two of the bugs were the subject of Apple's first-ever Rapid Security Response.

Cybersecurity 315

Cybersecurity Security IT 315

The Last Watchdog

MAY 16, 2023

Attack surface expansion translates into innumerable wide-open vectors of potential unauthorized access into company networks. Related: The role of legacy security tools Yet the heaviest volume of routine, daily cyber attacks continue to target a very familiar vector: web and mobile apps. At RSA Conference 2023 , I had the chance to meet with Paul Nicholson , senior director of product marketing and analyst relations at A10 Networks.

Cloud 190

Cloud Security Access Marketing 190

Advertisement

Case studies are proof of successful client relations and a verifiable product or service. They persuade buyers by highlighting your customers' experiences with your company and its solution. In sales, case studies are crucial pieces of content that can be tailored to prospects' pain points and used throughout the buyer's journey. In marketing, case studies are versatile assets for generating business, providing reusable elements for ad and social media content, website material, and marketing c

Sales

OpenText Information Management

MAY 18, 2023

Here at OpenText, we are proud of the technology we build. The investments we make and the customer-centric approach we take to our innovations are, we believe, what makes our solutions so valuable. It is always encouraging and exciting to be acknowledged by our customers and the experts in the markets we serve. This includes … The post OpenText receives recognition from leading industry analyst firms appeared first on OpenText Blogs.

Marketing 138

Marketing Content services IT Cloud 138

Hunton Privacy

MAY 16, 2023

On May 16, 2023, the French Data Protection Authority (the “CNIL”) announced its action plan on artificial intelligence (the “AI Action Plan”). The AI Action Plan builds on prior work of the CNIL in the field of AI and consists of a series of activities the CNIL will undertake to support the deployment of AI systems that respect the privacy of individuals.

Artificial Intelligence 140

Artificial Intelligence Personal data Data collection Privacy 140

Data Breach Today

MAY 17, 2023

Case is FTC's 2nd Enforcement of Health Data Breach Notification Rule The Federal Trade Commission has barred the developer of fertility tracking app Premom from sharing users' personal health data with third parties for advertising purposes and has fined the vendor $100,000 for alleged violations of the agency's Health Data Breach Notification Rule.

Data breaches 299

Data breaches IT 299

The Last Watchdog

MAY 18, 2023

Your go-to mobile apps aren’t nearly has hackproof as you might like to believe. Related: Fallout of T-Mobile hack Hackers of modest skill routinely bypass legacy security measures, even two-factor authentication, with techniques such as overlay attacks. And hard data shows instances of such breaches on the rise. I had an evocative conversation about this at RSA Conference 2023 with Asaf Ashkenazi , CEO of Verimatrix , a cybersecurity company headquartered in southern France.

Security 161

Security Privacy Cybersecurity Authentication 161

Advertisement

Unleash the power of NoSQL with "Apache Cassandra® NoSQL for the Relational DBA." Learn from Lewis DiFelice, an experienced Professional Services Consultant at Instaclustr, as he shares his journey transitioning from SQL to managing a 40-node Cassandra cluster. Gain insights into Cassandra's architecture, configuration strategies, and best practices.

Dark Reading

MAY 18, 2023

Cybercrime group that often uses smishing for initial access bypassed traditional OS targeting and evasion techniques to directly gain access to the cloud.

Cloud 145

Cloud Access 145

Thales Cloud Protection & Licensing

MAY 17, 2023

Ransomware – Stop’em Before They Wreak Havoc madhav Thu, 05/18/2023 - 06:03 Cybercriminals have been making a run on your data with ransomware attacks over the last decade in increasing frequency. They wreak havoc by bringing critical infrastructures, supply chains, hospitals, and city services to a grinding halt. Cybersecurity Ventures predicts by 2031 ransomware will cost victims $265 billion annually, and it will affect a business, consumer, or device every 2 seconds.

Ransomware 127

Ransomware Encryption Authentication Passwords 127

Data Breach Today

MAY 18, 2023

Experts Highlight the Importance of Preparation, Partnerships, Resilience Fifteen months after Russia intensified its illegal invasion of Ukraine, experts say top cyber defense lessons policymakers and defenders should apply include focusing on resilience. Building for resilience acknowledges the inevitability of ongoing attacks.

IT 281

IT 281

The Last Watchdog

MAY 17, 2023

Could cybersecurity someday soon be implemented as a business enabler, instead of continuing to be viewed as an onerous business expense? Related: Security sea-change wrought by ‘CMMC’ This would fit nicely with the ‘ stronger together ’ theme heralded at RSA Conference 2023. WithSecure is one cybersecurity vendor that is certainly on this path.

Cybersecurity 149

Cybersecurity Security Marketing IT 149

As a business leader, you know it's important to update your apps, but it can be tough to figure out the best approach. This whitepaper helps you in upgrading your current applications using modernization strategies without any business disruptions.

IT

Dark Reading

MAY 16, 2023

Researchers found 11 vulnerabilities in products from three industrial cellular router vendors that attackers can exploit through various vectors, bypassing all security layers.

IoT 135

IoT Security 135

IBM Big Data Hub

MAY 17, 2023

As we navigate an unstable economy, organizations across industries want to be “future-ready,” and that requires systems and processes that can continuously evolve in response to the marketplace demands. For customers who run their operations on SAP, this means modernizing to a cloud ERP platform that supports greater flexibility and agility.

Cloud 125

Cloud Manufacturing Analytics Risk 125

Data Breach Today

MAY 15, 2023

Private Subscription Services Emerge, Together With Fresh Strains of Info Stealers Cybercrime watchers continue to see prolific use of information-stealing malware such as Raccoon and Vidar, which are being used to populate stolen digital identity listings at markets such as Genesis, RussianMarket and TwoEasy, as well as via Telegram channels offering "clouds of logs.

Cloud 276

Cloud Marketing 276

The Last Watchdog

MAY 19, 2023

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts. Related: The Golden Age of cyber espionage Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated their capability to endlessly take advantage of a vastly expanded network attack surface – one that will only continue to expand as the shift to massively interconnected digital services accelerates.

Ransomware 124

Ransomware Security IT 124

Advertisement

Getting off of Hadoop is a critical objective for organizations, with data executives well aware of the significant benefits of doing so. The problem is, there are few options available that minimize the risk to the business during the migration process and that’s one of the reasons why many organizations are still using Hadoop today. By migrating to the data lakehouse, you can get immediate benefits from day one using Dremio’s phased migration approach.

Risk

Dark Reading

MAY 18, 2023

Plug X and other information-stealing remote-access Trojans are among the malware targeting networking, manufacturing, and logistics companies in Taiwan.

Phishing 144

Phishing Manufacturing Access 144

WIRED Threat Level

MAY 15, 2023

The families of victims of a mass shooting in Buffalo are challenging the platforms they believe led the attacker to carry out a racist massacre.

Security 130

Security 130

Data Breach Today

MAY 18, 2023

Also: Ledger Faces Backlash on Seed Phrase Recovery Solution In the days between May 11 and May 18, the Uranium Finance hacker laundered more stolen funds, LayerZero launched a $15 million bug bounty program, the European Union adopted comprehensive cryptocurrency legislation, and Ledger faced backlash on its seed phrase recovery solution.

IT 266

IT 266

Data Matters

MAY 19, 2023

On 29 March 2023, the UK’s Department for Science Innovation and Technology (“ DSIT ”) published its long awaited White Paper on its “pro-innovation approach to AI regulation” (the “ White Paper ”), along with a corresponding impact assessment. The White Paper builds on the “proportionate, light touch and forward-looking” approach to AI regulation set out in the policy paper published in July 2022.

Paper 97

Paper Privacy IT 97

Speaker: William Hord, Senior VP of Risk & Professional Services

Enterprise Risk Management (ERM) is critical for industry growth in today’s fast-paced and ever-changing risk landscape. When building your ERM program foundation, you need to answer questions like: Do we have robust board and management support? Do we understand and articulate our bank’s risk appetite and how that impacts our business units? How are we measuring and rating our risk impact, likelihood, and controls to mitigate our risk?

Risk

Dark Reading

MAY 16, 2023

Cyberattckers can easily exploit a command-injection bug in the popular device, but Belkin has no plans to address the security vulnerability.

Security 145

Security 145

Schneier on Security

MAY 15, 2023

Micro-Star International—aka MSI—had its UEFI signing key stolen last month. This raises the possibility that the leaked key could push out updates that would infect a computer’s most nether regions without triggering a warning. To make matters worse, Matrosov said, MSI doesn’t have an automated patching process the way Dell, HP, and many larger hardware makers do.

Ransomware 112

Ransomware IT 112

Data Breach Today

MAY 16, 2023

Mikhail Matveev Also Faces Sanctions and $10 Million Reward for His Arrest A Russian man the U.S. government says has been a key actor in Russian ransomware hacking faces federal criminal charges, economic sanctions and a $10 million reward for information leading to his arrest. Mikhail Matveev, aka Wazawaka, was a central figure of the Babuk ransomware-as-a-service gang.

Ransomware 264

Ransomware Government 264