WIRED Threat Level

DECEMBER 28, 2022

The password manager's most recent data breach is so concerning, users need to take immediate steps to protect themselves.

Data breaches 121

Data breaches Passwords IT Security 121

Data Breach Today

DECEMBER 26, 2022

APT Groups Use 500 Decoy Domains of Popular NFT, DeFi Platforms North Korean attackers are using phishing websites to impersonate popular NFT platforms and DeFi marketplaces to steal digital assets worth hundreds of thousands of dollars. They set up nearly 500 decoy sites, including that of a project associated with the World Cup and NFT marketplace OpenSea.

Phishing 130

Phishing 130

Dark Reading

DECEMBER 29, 2022

How CISOs handle the ethical issues around data breaches can make or break their careers. Don't wait until a breach happens to plot the course forward.

Data breaches 102

Data breaches 102

Security Affairs

DECEMBER 25, 2022

Threat actors are actively exploiting a critical flaw in the YITH WooCommerce Gift Cards Premium WordPress plugin installed by over 50,000 websites. Hackers are actively exploiting a critical vulnerability, tracked as CVE-2022-45359 (CVSS v3: 9.8), affecting the WordPress plugin YITH WooCommerce Gift Cards Premium. The YITH WooCommerce Gift Cards Premium plugin allows websites of online stores to sell gift cards, a WordPress plugin used on over 50,000 websites.

Passwords 96

Passwords Security Access IT 96

Speaker: Travis Addair, Co-Founder and CTO at Predibase

Large Language Models (LLMs) such as ChatGPT offer unprecedented potential for complex enterprise applications. However, productionzing LLMs comes with a unique set of challenges such as model brittleness, total cost of ownership, data governance and privacy, and the need for consistent, accurate outputs. Putting the right LLMOps process in place today will pay dividends tomorrow, enabling you to leverage the part of AI that constitutes your IP – your data – to build a defensible AI strategy for

Privacy

WIRED Threat Level

DECEMBER 29, 2022

The year was marked by sinister new twists on cybersecurity classics, including phishing, breaches, and ransomware attacks.

Phishing 78

Phishing Ransomware Cybersecurity Security 78

Data Breach Today

DECEMBER 28, 2022

Russia Continued Its Cyber Offensive With an Average of 10 Cyberattacks a Day Ukraine's domestic intelligence agency revealed this week that it successfully blocked more than 4,500 cyberattacks in 2022. The number of cyberattacks has tripled since last year and has grown fivefold since 2020, the domestic intelligence agency's cyber division chief says.

IT 224

IT 224

Schneier on Security

DECEMBER 30, 2022

Yet another smartphone side-channel attack: “ EarSpy: Spying Caller Speech and Identity through Tiny Vibrations of Smartphone Ear Speakers “: Abstract: Eavesdropping from the user’s smartphone is a well-known threat to the user’s safety and privacy. Existing studies show that loudspeaker reverberation can inject speech into motion sensor readings, leading to speech eavesdropping.

Privacy 132

Privacy Manufacturing Paper IT 132

KnowBe4

DECEMBER 27, 2022

Impersonating Facebook using its own platform against them, a new phishing attack takes advantage of victim’s inability to distinguish legitimate from illegitimate.

Phishing 118

Phishing Security IT 118

Dark Reading

DECEMBER 30, 2022

Dark Reading's panel of security experts deliver a magnum of bubbly hot takes on what 2023 will look like, featuring evil AIs, WWIII, wild workplace soon-to-be-norms, and more.

Cybersecurity 109

Cybersecurity Security 109

Speaker: Keith Kmett, Principal CX Advisor at Medallia

Join Keith Kmett, Principal CX Advisor, in this new webinar that will focus on: Understanding CX Orchestration Fundamentals: Gain a solid understanding of what CX orchestration is, its significance in the customer experience landscape, and how it plays a crucial role in shaping customer journeys. This includes the key concepts, strategies, and best practices involved in CX orchestration. 🔑 Connection to Customer Journey Maps: How to effectively integrate customer journey mapping into the

Customer Experience

Data Breach Today

DECEMBER 30, 2022

Website Remains Down Following Christmas Day Attack One of Europe's busiest ports is added to the list of LockBit ransomware victims. The hacking group targeted Portugal's Port of Lisbon on Christmas day, giving the facility a deadline of Jan.18 to pay a ransom of $1.5 million in exchange for their data deletion.

Ransomware 139

Ransomware 139

Schneier on Security

DECEMBER 26, 2022

Last August, LastPass reported a security breach, saying that no customer information—or passwords—were compromised. Turns out the full story is worse : While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service. […].

Passwords 101

Passwords Encryption Cloud Metadata 101

KnowBe4

DECEMBER 28, 2022

By Roger A. Grimes. KnowBe4 recommends that everyone use a password manager to create and use strong passwords as a part of their password policy [link].

Phishing 111

Phishing Passwords 111

Dark Reading

DECEMBER 29, 2022

Attackers are harvesting credentials from compromised systems. Here's how some commonly used tools can enable this.

Encryption 130

Encryption 130

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Cybersecurity

Data Breach Today

DECEMBER 30, 2022

Agency Says It Has Temporary 'Exclusive Control' of Assets for Safe Custody The Bahamas Securities Commission seized digital assets worth $3.5 billion from local firm FTX Digital Markets. The regulator says the funds were at risk of "imminent dissipation" due to hack attacks, and will temporarily remain under its exclusive control, stored in secure digital wallets.

Security 139

Security Risk Marketing IT 139

Lenny Zeltser

DECEMBER 30, 2022

Cybersecurity leaders not only go against threat actors to defend the organization but also find themselves at odds with other business executives. How can we avoid fighting everyone? What does it take to ensure the security team doesn't become the department of "no"? In the following conversation with Chris Cochran and Ron Eddings at Hacker Valley , I discuss how CISOs and other security leaders can: Build relationships with security and business functions.

Cybersecurity 98

Cybersecurity Security Communications Information Security 98

Security Affairs

DECEMBER 25, 2022

Experts warn of a critical Linux Kernel vulnerability (CVSS score of 10) impacting SMB servers that can lead to remote code execution. A critical Linux kernel vulnerability (CVSS score of 10) exposes SMB servers with ksmbd enabled to hack. KSMBD is a Linux kernel server that implements SMB3 protocol in kernel space for sharing files over the network.

Authentication 98

Authentication Security Access Information Security 98

Dark Reading

DECEMBER 28, 2022

Will the bottom falling out of the cryptocurrency market have a profound impact on cybercriminal tactics and business models? Experts weigh in on what to expect.

Cybersecurity 106

Cybersecurity Marketing 106

Advertisement

There’s a good reason why Apache Cassandra® is quickly becoming the NoSQL database of choice for organizations of all stripes. In this white paper, discover the key use cases that make Cassandra® such a compelling open source software – and learn the important pitfalls to avoid. From understanding its distributed architecture to unlocking its incredible power for industries like healthcare, finance, retail and more, experience how Cassandra® can transform your entire data operations.

Retail

Data Breach Today

DECEMBER 29, 2022

Global Cyber Alliance CEO Philip Reitinger Shares Updates, Challenges Global Cyber Alliance CEO Philip Reitinger shares updates on the alliance's Internet Integrity and Capacity & Resilience programs, which tackle key challenges of internet infrastructure, privacy and safety. Success is measured by the number of partners and "who is using the platform," he says.

Government 139

Government Privacy 139

Jamf

DECEMBER 29, 2022

Content filtering is a must for K-12 schools. In many places, it's the law. But how do you find the right one for your students from the dizzying array of content filters available?

IT 98

IT 98

Security Affairs

DECEMBER 24, 2022

The cybersecurity researcher RE-Solver discovered Backdoor credentials in ZyXEL LTE3301-M209 LTE indoor routers. Security researcher ReSolver announced the discovery of hardcoded credentials (CVE-2022-40602) in ZyXEL LTE3301-M209 LTE indoor routers. In previous research, the expert discovered a Telnet backdoor in D-Link DWR-921 which is also present in the ZyXEL LTE3301-M209 as well.

Passwords 98

Passwords Security Cybersecurity Access 98

Dark Reading

DECEMBER 29, 2022

Businesses need to educate employees the type of social engineering attacks used by hacking group DEV-0537 (LAPSUS$) and strengthen their security posture.

Security 106

Security Education 106

Speaker: Dr. Greg Loughnane and Chris Alexiuk

Technology professionals developing generative AI applications are finding that there are big leaps from POCs and MVPs to production-ready applications. They're often developing using prompting, Retrieval Augmented Generation (RAG), and fine-tuning (up to and including Reinforcement Learning with Human Feedback (RLHF)), typically in that order. However, during development – and even more so once deployed to production – best practices for operating and improving generative AI applications are le

Data science

Data Breach Today

DECEMBER 26, 2022

Effective testing of incident response plans continues to be a major weakness for many healthcare sector entities, especially those facing ransomware and other disruptive incidents, says Van Steel, a partner at consultancy LBMC Information Security.

Ransomware 139

Ransomware Information Security Security 139

KnowBe4

DECEMBER 27, 2022

QBot malware phishing campaigns have adopted a new distribution method using SVG files to perform HTML smuggling that locally creates a malicious installer for Windows.

Phishing 96

Phishing 96

Security Affairs

DECEMBER 29, 2022

Researchers warn of thousands of Citrix Application Delivery Controller (ADC) and Gateway endpoints are still unpatched. NCC Group’s Fox-IT research team warns of thousands of Citrix ADC and Gateway endpoints remain vulnerable to two critical vulnerabilities, tracked as CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), that the company addressed in recent months.

Authentication 95

Authentication Cloud Security Access 95

Dark Reading

DECEMBER 27, 2022

The unfettered collaboration of the GitHub model creates a security headache. Follow these seven principles to help relieve the pain.

Security 115

Security IT 115

Speaker: Steve Pappas

As businesses strive for success in an increasingly digitized world, delivering an exceptional customer experience has become paramount. To meet this demand, enterprises are embracing innovative approaches that captivate customers and fuel their loyalty. 💥 Enter conversational AI - an absolute game-changer (if done right) in redefining CX norms.

Customer Experience

Data Breach Today

DECEMBER 25, 2022

Regulatory Pressure over Security, Privacy Mounts on Beleaguered Social Media Firm A member of a criminal data breach forum says he's selling email addresses and phone numbers of 400 million Twitter users. If verified, the data breach would be a further blow to Twitter and its beleaguered chief executive as regulators increase pressure over the firm's security practices.

Data breaches 139

Data breaches Privacy Security IT 139

KnowBe4

DECEMBER 29, 2022

New data focused on cyberattacks in the second half of the year-to-date shows phishing taking the overwhelming lead as the initial attack vector of choice.

Phishing 97

Phishing 97

Security Affairs

DECEMBER 26, 2022

Cybersecurity researchers exposed new evasion techniques adopted by an advanced malware downloader called GuLoader. CrowdStrike researchers d a detailed multiple evasion techniques implemented by an advanced malware downloader called GuLoader (aka CloudEyE ). GuLoader uses a polymorphic shellcode loader to avoid traditional security solutions, the experts mapped all embedded DJB2 hash values for every API used by the malicious code.

Security 95

Security Cybersecurity Access IT 95