Sat.May 20, 2023 - Fri.May 26, 2023

article thumbnail

Panel | The Four Steps to Build a Modern Data Protection Platform

Data Breach Today

With data distributed across multiple clouds serving an increasingly remote workforce, can existing data protection programs truly be successful? Most data protection solutions have been built on a foundation of legacy technologies and operations that only drive up complexity and costs. A best-in-class data protection program should be easy to operate, reduce costs, and ultimately drive down data loss risk.

Cloud 243
article thumbnail

Interview With a Crypto Scam Investment Spammer

Krebs on Security

Social networks are constantly battling inauthentic bot accounts that send direct messages to users promoting scam cryptocurrency investment platforms. What follows is an interview with a Russian hacker responsible for a series of aggressive crypto spam campaigns that recently prompted several large Mastodon communities to temporarily halt new registrations.

IoT 306
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: A roadmap for wisely tightening cybersecurity in the modern workplace

The Last Watchdog

Hackers can hurt your business or organization in many ways. First and foremost, cyberattacks can lead to data breaches in which sensitive information is stolen. If a cyber-criminal uses you as a way to get at your customers, suppliers, or employees, these vital business relationships can turn sour. Related: Tapping hidden pools of security talent Sometimes hackers can encrypt your systems, holding them hostage and asking you to pay money to regain access to them.

article thumbnail

The Mysteries Behind ColdIntro and ColdInvite: TL;DR edition

Jamf

Learn about the discovery of a novel threat vector on iPhone that allows attackers to circumvent security mitigations by exploiting under-protected co-processors, leveraging access to further compromise the iOS kernel.

Security 145
article thumbnail

Customer Experience Management: Optimizing Your Strategy for Financial Success

Speaker: Diane Magers, Founder and Chief Experience Officer at Experience Catalysts

In the world of business, connecting the dots from experience to financial impact is an essential skill. Transforming customer engagement, Voice of Customer (VoC) insights, and Journey Maps into tangible financial outcomes poses a significant challenge for most organizations. To gain buy-in from the C-Suite and key stakeholders, it’s crucial to illustrate how Experience Management translates into clear, measurable business results.

article thumbnail

5 Questions to Ask When Evaluating a New Cybersecurity Technology

Dark Reading

Any new cybersecurity technology should be not just a neutral addition to a security stack but a benefit to the other technologies or people managing them.

More Trending

article thumbnail

OAuth Flaw Exposed Social Media Logins to Account Takeover

Data Breach Today

Now-Fixed Expo Framework API Vulnerability Posed Credential, Identity Theft Risks A new OAuth-related vulnerability in an open-source application development framework could expose Facebook, Google, Apple and Twitter users to account takeover, personal data leakage, identity theft, financial fraud and unauthorized actions on other online platforms, security researchers said.

article thumbnail

GUEST ESSAY: A primer on NIST 207A — guidance for adding ZTNA to cloud-native platforms

The Last Watchdog

Zero trust networking architecture (ZTNA) is a way of solving security challenges in a cloud-first world. Related: The CMMC sea change NIST SP 800-207A (SP 207A), the next installment of Zero Trust guidance from the National Institute of Standards and Technology (NIST), has been released for public review. This special publication was written for security architects and infrastructure designers; it provides useful guidance when designing ZTNA for cloud-native application platforms, especially th

Cloud 209
article thumbnail

Tesla Whistleblower Leaks 100GB of Data, Revealing Safety Complaints

Dark Reading

Informants have released data that includes thousands of safety complaints the company has received about its self-driving capability, as well as sensitive information regarding current and past employees.

IT 132
article thumbnail

Leaked EU Document Shows Spain Wants to Ban End-to-End Encryption

WIRED Threat Level

In response to an EU proposal to scan private messages for illegal material, the country's officials said it is “imperative that we have access to the data.

article thumbnail

How to Stay Competitive in the Evolving State of Martech

Marketing technology is essential for B2B marketers to stay competitive in a rapidly changing digital landscape — and with 53% of marketers experiencing legacy technology issues and limitations, they’re researching innovations to expand and refine their technology stacks. To help practitioners keep up with the rapidly evolving martech landscape, this special report will discuss: How practitioners are integrating technologies and systems to encourage information-sharing between departments and pr

article thumbnail

Android Fingerprint Biometrics Fall to 'BrutePrint' Attack

Data Breach Today

Dictionary Attack Plus Neural Network Fools Security Checks, Researchers Find Security researchers have demonstrated a practical attack that can be used to defeat biometric fingerprint checks and log into a target's Android - but not Apple - smartphone. Dubbed "BrutePrint," the brute force attack is inexpensive and practical to deploy at a large scale.

Security 283
article thumbnail

RSAC Fireside Chat: Counteracting Putin’s weaponizing of ransomware — with containment

The Last Watchdog

The ransomware plague endures — and has arisen as a potent weapon in geopolitical conflicts. Related: The Golden Age of cyber espionage Cyber extortion remains a material threat to organizations of all sizes across all industries. Ransomware purveyors have demonstrated their capability to endlessly take advantage of a vastly expanded network attack surface – one that will only continue to expand as the shift to massively interconnected digital services accelerates.

article thumbnail

Cyber Warfare Lessons From the Russia-Ukraine Conflict

Dark Reading

Techniques used in cyber warfare can be sold to anyone — irrespective of borders, authorities, or affiliations. We need to develop strategies to respond at scale.

133
133
article thumbnail

Information Management in Brazil

AIIM

I was in Brazil recently to keynote the Information Show in Sao Paulo. Traveling to and speaking at Information Management conferences is endlessly fascinating. One might think that, except for language and location, Brazilian information management professional would be similar to their counterparts in North America and Europe, and in some regards, they are, but the differences can be surprising.

ECM 104
article thumbnail

The Essential Guide to Analytic Applications

Embedding dashboards, reports and analytics in your application presents unique opportunities and poses unique challenges. We interviewed 16 experts across business intelligence, UI/UX, security and more to find out what it takes to build an application with analytics at its core. No matter where you are in your analytics journey, you will learn about emerging trends and gather best practices from product experts.

article thumbnail

Capita Issued Erroneous Breach Details, Officials Report

Data Breach Today

Local Authority Finds Sensitive Data Was Exposed Despite Assurances to the Contrary Breach notifications from British outsourcing giant Capita mount amid signs the multibillion-pound company doesn't have a firm grip on how much data it exposed. For a company that trumpets its ability to "achieve better outcomes," Capita's inability to grasp the impact of its breaches is ironic.

IT 245
article thumbnail

RSAC Fireside Chat: Uptycs emulates Google, Akamai to protect cloud-native apps and endpoints

The Last Watchdog

The inadequacy of siloed security solutions is well-documented. Related: Taking a security-first path The good news is that next-gen security platforms designed to unify on-prem and cloud threat detection and remediation are, indeed, coalescing. At RSA Conference 2023 I visited with Elias Terman , CMO, and Sudarsan Kannan , Director of Product Management, from Uptycs , a Walthan, Mass.

Cloud 189
article thumbnail

The Underground History of Turla, Russia's Most Ingenious Hacker Group

WIRED Threat Level

From USB worms to satellite-based hacking, Russia’s FSB hackers, known as Turla, have spent 25 years distinguishing themselves as “adversary number one.

Security 134
article thumbnail

Russia's War in Ukraine Shows Cyberattacks Can Be War Crimes

Dark Reading

Ukraine's head of cybersecurity Victor Zhora says the world needs "efficient legal instruments to confront cyber terrorism.

article thumbnail

1st, 2nd, and 3rd Party Intent Data: Which Is Right for You?

How do 1st, 2nd, and 3rd party intent data compare? 1st, 2nd, and 3rd party data each have specific advantages and disadvantages. It comes down to four factors: accuracy, cost, control and quantity. This infographic explains the pros and cons of each and helps you understand which one is best for meeting your business objectives. Intent data can be a great way to fill your pipeline and close more deals.

article thumbnail

Open-Source Infostealer RAT Hidden in Malicious NPM Packages

Data Breach Today

TurkoRat Capable of Credential Harvesting, Possesses Features Like Wallet Grabber Researchers have identified two legitimate-looking malicious npm packages that concealed an open-source infostealer for two months before being detected and removed. Developers downloaded the TurkoRat malware about 1,200 times from open-source repositories.

237
237
article thumbnail

RSAC Fireside Chat: The need to stop mobile apps from exposing API keys, user credentials in runtime

The Last Watchdog

As digital transformation accelerates, Application Programming Interfaces (APIs) have become integral to software development – especially when it comes to adding cool new functionalities to our go-to mobile apps. Related: Collateral damage of T-Mobile hack Yet, APIs have also exponentially increased the attack vectors available to malicious hackers – and the software community has not focused on slowing the widening of this security gap.

article thumbnail

Digitizing Records: Getting Started

National Archives Records Express

Digital Imaging Lab [technologies] at Archives 2–[photographed for] Prologue use. National Archives Identifier: 184340999 We continue our series of posts to support the publication of 36 CFR section 1236 subpart E – Digitizing Permanent Records , which provides the requirements for digitizing permanent records. Records management is a crucial part of any agency operation, and the rise of digital technology has led many agencies to digitize their records for improved efficiency and ac

article thumbnail

Improving Cybersecurity Requires Building Better Public-Private Cooperation

Dark Reading

Security vendors, businesses, and US government agencies need to work together to fight ransomware and protect critical infrastructure.

article thumbnail

How to Create Unique Customer Journeys to Optimize Business Outcomes

Speaker: Shawn Phillips, CCXP, Head of Growth and Innovation

A one-size-fits-all approach is a great approach – if it’s 2010. With the growth of AI, customers expect – and often demand – a customer journey based on their unique needs and history with your brand. Advanced platforms enable you to move beyond simple personalization or mass customization to create truly unique customer journeys that optimize outcomes for both your customers and your brand.

article thumbnail

iSpoof Admin Gets Up to 13 Years in 115M Euro Vishing Fraud

Data Breach Today

Tejay Fletcher Made It Easy for Scammers to Impersonate Phone Numbers The mastermind behind a criminal website that sold tools for scammers who defrauded victims globally of more than 115 million euros received a 13-year, four-month prison sentence in the United Kingdom just months after law enforcement seized the site.

IT 261
article thumbnail

Recipe For Disaster: The Year Tony Roma Married My Mom

Information Governance Perspectives

In T he Bastard of Beverly Hills , I tell a crazy story about the time my mother was married to restaurateur Tony Roma, and though it’s true to the best of my recollection, people shouldn’t get the wrong impression about him. Tony was a fine man. He was driven, charismatic, funny, and, like me, a bit of a romantic. You can read more about exactly what happened between us in the book, but the bottom line is that the chef didn’t deserve the hell I put him through during the short

IT 105
article thumbnail

Financial Fraud Phishing Attacks Increase 72% In One Year; Financial Industry Takes the Brunt

KnowBe4

With attackers knowing financial fraud-based phishing attacks are best suited for the one industry where the money is, this massive spike in attacks should both surprise you and not surprise you at all.

Phishing 100
article thumbnail

PyPI Shuts Down Over the Weekend, Says Incident Was Overblown

Dark Reading

The climate of concern around open source security and supply chain attacks may have caused a small story to become a big one.

Security 129
article thumbnail

ABM Evolution: How Top Marketers Are Using Account-Based Strategies

In times of economic uncertainty, account-based strategies are essential. According to several business analysts and practitioners, ABM is a necessity for creating more predictable revenue. Research shows that nearly three-quarters of marketers (74%) already have the resources needed to build successful ABM programs.

article thumbnail

State-Aligned Actors Targeting SMBs Globally

Data Breach Today

Vulnerable Small to Midsized Organizations Are Now Favored Victims of APT Actors State-aligned hackers are increasingly targeting small and medium-sized businesses worldwide, as SMBs are more likely to be under-protected against cybersecurity threats such as phishing campaigns, according to a new report by cybersecurity firm Proofpoint.

Phishing 229
article thumbnail

Withholding Single Sign-On from SaaS Customers is Bad for Business and Security

Lenny Zeltser

Despite years of public shaming by security professionals , some SaaS vendors only offer Single Sign-On (SSO) in high-end "enterprise" product tiers. By withholding this capability from smaller organizations, they put customers' security at risk. Moreover, they base a pricing strategy on a weak signal and miss an opportunity to lower their own security risk.

Security 100
article thumbnail

A Threat to Passkeys? BrutePrint Attack Bypasses Fingerprint Authentication

eSecurity Planet

Security researchers recently published a paper detailing an attack they say can be used to bypass smartphone fingerprint authentication. Yiling He of China’s Zhejiang University and Yu Chen of Tencent Security’s Xuanwu Lab are calling the attack BrutePrint , which they say can be used to hijack fingerprint images. An attack like BrutePrint could present a significant threat to passkeys , an increasingly popular way to replace passwords with authentication methods like fingerprint au