Sat.Sep 16, 2023 - Fri.Sep 22, 2023

article thumbnail

Who’s Behind the 8Base Ransomware Website?

Krebs on Security

The victim shaming website operated by the cybercriminals behind 8Base — currently one of the more active ransomware groups — was until earlier today leaking quite a bit of information that the crime group probably did not intend to be made public. The leaked data suggests that at least some of website’s code was written by a 36-year-old programmer residing in the capital city of Moldova.

article thumbnail

How to Get Your Board on Board With Cybersecurity

Dark Reading

CISOs can refine their soft skills to help get their cybersecurity best-practices message across. Steps include increasing staff incident-response training and staying current with the threat landscape.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GUEST ESSAY: Caring criminals — why some ransomware gangs now avoid targeting hospitals

The Last Watchdog

Ransomware is a significant threat to businesses worldwide. There are many gangs that work together to orchestrate increasingly damaging attacks. However, some of these groups follow codes of conduct that prevent them from purposefully targeting hospitals. Related: How Putin has weaponized ransomware In mid-March 2020, representatives from the cybersecurity website BleepingComputer contacted numerous ransomware gangs to ask if they’d continue targeting hospitals during the unprecedented COVID-19

article thumbnail

Apple Fixes Bugs That Infected Egyptian Politician's iPhone

Data Breach Today

Cytrox's Predator Found on Device of Ahmed Eltantawy Apple released patches Thursday to close three actively exploited vulnerabilities that researchers say commercial spyware maker Cytrox used to infect the iPhone of Egyptian politician Ahmed Eltantawy with Predator malware. The Citizen Lab attributes the attacks to the Egyptian government.

article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

Mac in the enterprise: a CIO’s perspective by the numbers

Jamf

Fletcher Previn, SVP and CIO at Cisco, returned to JNUC to enlighten us about Cisco’s employee choice program. Previn presents data gathered from Cisco’s workforce of 130,000 people over the 12 months of the program, diving into the impact the program had on their employees’ happiness and performance, IT department and security strength of the business.

Security 138

More Trending

article thumbnail

Black Hat Fireside Chat: Flexxon introduces hardened SSD drives as a last line defense

The Last Watchdog

Creating ever smarter security software to defend embattled company networks pretty much sums up the cybersecurity industry. Related: The security role of semiconductors Cutting against the grain, Flexxon , a Singapore-based supplier of NAND memory drives and storage devices, arrived at Black Hat USA 2023 calling for a distinctive hardware approach to repelling cyber attacks.

article thumbnail

Don't Let AI Frenzy Lead to Overlooking Security Risks

Data Breach Today

Successful AI Implementation Requires a Secure Foundation, Attention to Regulations The private sector's frenzy to incorporate generative AI into products is leading companies to overlook basic security practices, a Google executive warned Tuesday. "Most people are still struggling with the basics," said John Stone, whose title at Google Cloud is "chaos coordinator.

Risk 305
article thumbnail

MGM, Caesars Cyberattack Responses Required Brutal Choices

Dark Reading

Tens of millions in losses later, the MGM and Caesars systems are back online following dual cyberattacks by the same threat actor — here's what experts say about their incident responses.

130
130
article thumbnail

Pro-Russia hacker group NoName launched a DDoS attack on Canadian airports causing severe disruptions

Security Affairs

Pro-Russia hacker group NoName is suspected to have launched a cyberattack that caused border checkpoint outages at several Canadian airports. A massive DDoS cyber attack, likely carried out by Pro-Russia hacker group NoName , severely impacted operations at several Canadian airports last week, reported Recorded Future News. Canada Border Services Agency (CBSA) was able to mitigate the attack after a few hours.

article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

News alert: Omdia finds risk-based vulnerability management set to encompass the VM market

The Last Watchdog

LONDON, Sept. 18, 2023 – The first comparative research into the evolution of the vulnerability management market authored by Omdia has found risk-based vulnerability management (RVBM) is set to encompass the entire vulnerability management market by 2027. Omdia’s comprehensive market analysis is the first report that provides a strategic overview of RBVM and its broader evolution within cybersecurity that Omdia refers to as proactive security. “The emergence of RBVM has been driven by

Marketing 130
article thumbnail

TransUnion Involved in Potential Hacking Incident

Data Breach Today

Hacker 'USDoD' Claims Attack, Says He Has Data of More Than 50,000 Consumers Credit reporting agency TransUnion may be the subject of a hacking incident leading to a data breach after a hacker apparently stole information of 58,505 customers across North and South America and Europe. TransUnion has not acknowledged the hack and refused to discuss the matter on the record.

article thumbnail

Payment Card-Skimming Campaign Now Targeting Websites in North America

Dark Reading

"Silent Skimmer" is a technically complex campaign that has successfully targeted online businesses in the Asia Pacific region for over a year.

131
131
article thumbnail

CardX released a data leak notification impacting their customers in Thailand

Security Affairs

One of Thailand’s major digital financial platforms, CardX , recently disclosed a data leak that affected their customers. According to the statement published on the CardX official website on September 15th, the company experienced a cybersecurity incident that exposed personal information related to personal loan and cash card applications. This information includes the customer’s first and last name, address, telephone number, and email.

article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

News alert: MxD roundtable with White House officials highlights cybersecurity workforce needs

The Last Watchdog

Chicago, Ill., Sept. 21, 2023 — MxD, the Digital Manufacturing and Cybersecurity Institute, today hosted a roundtable discussion with the White House Office of the National Cyber Director. Also in attendance were Access Living, The College of Lake County, CyberSkills2Work, and Task Force Movement. Organizations gathered to discuss courses and programs to address the critical cybersecurity workforce needs in the United States.

article thumbnail

Forecasts of SIEM Death Premature - Just Ask Cisco, Splunk

Data Breach Today

Cisco's Planned $28B Purchase of Splunk Shows XDR and SIEM Can Run Side by Side It turns out SIEM isn't on life support after all. Cisco is providing 28 billion reasons to believe enterprises aren't scrapping the security operations center staple anytime soon, even though rivals with other types of security technology have attempted to write SIEM's obituary for years.

Security 298
article thumbnail

Fake WinRAR PoC Exploit Conceals VenomRAT Malware

Dark Reading

A supposed exploit for a notable RCE vulnerability in the popular Windows file-archiving utility delivers a big sting for unwitting researchers and cybercriminals.

Archiving 122
article thumbnail

Microsoft AI research division accidentally exposed 38TB of sensitive data

Security Affairs

Microsoft AI researchers accidentally exposed 38TB of sensitive data via a public GitHub repository since July 2020. Cybersecurity firm Wiz discovered that the Microsoft AI research division accidentally leaked 38TB of sensitive while publishing a bucket of open-source training data on GitHub. The exposed data exposed a disk backup of two employees’ workstations containing secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages. “The researchers shared their fi

Risk 128
article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

News alert: SSH announces another US financial institution selects PrivX as its PAM solution

The Last Watchdog

Helsinki, Finland, Sept. 22, 2023 – A leading global financial institution has selected PrivX as its privileged access management (PAM) solution. The customer is one of the largest and most important financial institutions in the world. This is third major new significant lighthouse customer for PrivX in the USA. The initial contract value is approximately USD 0.25 million of annual recurring subscription revenue (ARR), including professional services.

IT 100
article thumbnail

Breach Roundup: Effects of ISP Ransomware Attack in Colombia

Data Breach Today

Also, Clorox Product Shortages; California Passes Data Broker Restrictions This week, Colombia grappled with the aftermath of a ransomware attack against IFX Networks, Clorox suffered product shortages, a glitch allowed T-Mobile users to access other users' data, California passed restrictions for data brokers and Finland seized a dark web marketplace.

article thumbnail

MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents

Dark Reading

MGM and Caesars are putting new SEC incident disclosure regulations to a real-world test in the aftermath of twin cyberattacks on the casinos, as class-action lawsuits loom.

115
115
article thumbnail

German intelligence warns cyberattacks could target liquefied natural gas (LNG) terminals

Security Affairs

The head of Germany’s foreign intelligence service warns of state-sponsored attacks aimed at liquefied natural gas (LNG) terminals in the country. Bruno Kahl, the President of the Bundesnachrichtendienst intelligence service since 2016, warned of state-sponsored attacks aimed at liquefied natural gas (LNG) terminals in the country. After the Russian invasion of Ukraine, the German government has chartered three new LNG terminals to reach independence from on gas pipelined from Moscow.

article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

article thumbnail

Data Breach Costs Rise, But Cybersecurity Pros Still Take Risks

KnowBe4

The latest data from IBM shows that the average cost of a data breach has gone up by 2% to a whopping $4.45 million. You would think that in the cybersecurity industry, people would be all about safety and security, right? I mean, it's literally in the name.

article thumbnail

Feds Warn About Snatch Ransomware

Data Breach Today

US Agency Advisory Sheds Light on the Group's Activities The Snatch ransomware group is targeting a wide range of critical infrastructure sectors, including the defense industrial base, food and agriculture, and information technology sectors, according to a new alert issued by U.S. authorities. The group operates on a ransomware-as-a-service model.

article thumbnail

Hackers Let Loose on Voting Gear Ahead of US Election Season

Dark Reading

Ethical hackers were given voluntary access to digital scanners, ballot markers, and electronic pollbooks, all in the name of making the voting process more resilient to cyber threats.

Access 111
article thumbnail

Trend Micro addresses actively exploited zero-day in Apex One and other security Products

Security Affairs

Trend Micro addressed a zero-day code execution vulnerability (CVE-2023-41179) in Apex One that has been actively exploited in the wild. Trend Micro has released security updates to patch an actively exploited zero-day vulnerability, tracked as CVE-2023-41179, impacting endpoint security products, including Apex One, Apex One SaaS, and Worry-Free Business Security products.

Security 123
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Weekly Vulnerability Recap – September 18, 2023 – Patch Tuesday Also For Adobe, Apple and More

eSecurity Planet

Microsoft’s Patch Tuesday dominates the headlines because of near-universal Windows adoption. However, many other companies time their updates for the same week, such as Adobe, SAP, and VMware. Active exploits also lead to new versions of all major browsers as well as older versions of Apple products. Organizations of all sizes need to review the active exploits and announced patches and ensure that vulnerabilities in all of their high value and high risk systems are mitigated.

article thumbnail

Google CISO Phil Venables on Building Strong CIO-CISO Bonds

Data Breach Today

CIO, CISO Must Join Forces to Upgrade Organization to More Defendable Architecture Increased engagement from boards on digital transformation initiatives around cloud and AI adoption has spurred greater investment in cybersecurity, said Google Cloud CISO Phil Venables. Systems built and designed decades ago have become increasingly difficult to secure, he said.

article thumbnail

FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service

Dark Reading

The group's use of malware that forces Windows computers to reboot into Safe Mode before encrypting files is noteworthy, advisory says.