Sat.Sep 02, 2023 - Fri.Sep 08, 2023

article thumbnail

How Secure Is Your Authentication Method?

KnowBe4

I frequently write about authentication, including PKI, multi-factor authentication (MFA), password managers, FIDO, Open Authentication, and biometrics. I have written dozens of articles on LinkedIn and have presented during many KnowBe4 webinars about different authentication subjects.

article thumbnail

Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach

Krebs on Security

In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.

Passwords 349
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Cryptocurrency Startup Loses Encryption Key for Electronic Wallet

Schneier on Security

The cryptocurrency fintech startup Prime Trust lost the encryption key to its hardware wallet—and the recovery key—and therefore $38.9 million. It is now in bankruptcy. I can’t understand why anyone thinks these technologies are a good idea.

article thumbnail

Tattletale Ransomware Gangs Threaten to Reveal GDPR Breaches

Data Breach Today

Repeat Shakedown Tactic: Victims Told to Pay Up or Else They'll Pay Massive Fines Ransomware groups do whatever they can to pressure a victim into paying. Enter the likes of Ransomed, following in the footsteps of Alphv/BlackСat, NoEscape and Good Day-powered Cloak, all of which threaten victims with a world of General Data Protection Regulation violation pain, unless they pay.

article thumbnail

10 Rules for Managing Apache Cassandra

It’s no surprise that Apache Cassandra has emerged as a popular choice for organizations of all sizes seeking a powerful solution to manage their data at a scale—but with great power comes great responsibility. Due to the inherent complexity of distributed databases, this white paper will uncover the 10 rules you’ll want to know when managing Apache Cassandra.

article thumbnail

STEPS FORWARD: Regulators are on the move to set much needed IoT security rules of the road

The Last Watchdog

New government rules coupled with industry standards meant to give formal shape to the Internet of Things (IoT) are rapidly quickening around the globe. Related: The need for supply chain security This is to be expected. After all, government mandates combined with industry standards are the twin towers of public safety. Without them the integrity of our food supplies, the efficacy of our transportation systems and reliability of our utilities would not be what they are.

IoT 220

More Trending

article thumbnail

Mainframe and the cloud? It’s easy with open source

IBM Big Data Hub

This is part four in a five-part series on mainframe modernization. The secret to mainstreaming the mainframe into today’s modern, cloud-centric IT environments is to make the experience of working with the mainframe like the experience of working off the mainframe—especially the developer experience (DX). Historically, working on the mainframe was an entirely different experience from the distributed world.

Cloud 126
article thumbnail

Breach Roundup: Swedish Insurer Fined $3M for GDPR Breach

Data Breach Today

Also, Google Fitbit Faces Privacy Complaints From Schrems This week, the Swedish DPA fined an insurer $3 million for violating GDPR, a DDoS attack disrupted a German financial agency website, Google Fitbit faced privacy complaints from Schrems, Ragnar Locker published hacked hospital data, and Seville, Spain dealt with the aftermath of a ransomware attack.

Insurance 299
article thumbnail

GUEST ESSAY: Securing your cryptocurrency — best practices for Bitcoin wallet security

The Last Watchdog

Over time, Bitcoin has become the most widely used cryptocurrency in the world. Strong security measures become increasingly important as more people use this digital currency. Related: Currency exchange security issues For managing and keeping your Bitcoin assets, you must need a bitcoin wallet, which is a digital version of a conventional wallet. The protection of your priceless digital assets will be guaranteed by this article’s discussion of the best techniques for protecting your Bitc

Security 100
article thumbnail

Social engineering attacks target Okta customers to achieve a highly privileged role

Security Affairs

Identity services provider Okta warned customers of social engineering attacks carried out by threat actors to obtain elevated administrator permissions. Okta is warning customers of social engineering attacks carried out in recent weeks by threat actors to obtain elevated administrator permissions. The attacks targeted IT service desk staff to trick them into resetting all multi-factor authentication (MFA) factors enrolled by highly privileged users.

article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, VP of Engineering at Betterworks, will explore a practical framework to transform Generative AI pr

article thumbnail

Generative AI: Meet your partner in customer service

IBM Big Data Hub

Brands that deliver an excellent customer experience (CX) will always be more resilient than those that don’t. Giving our customers personalized support at every stage of their journey is proven to earn their longtime loyalty—and keep them from switching to a competitor. The challenge, however, is that many teams operate in siloes that inhibit them from applying their customer insights in meaningful ways.

article thumbnail

Generative AI Warnings Contain Their Own Dangers

Data Breach Today

AI Could Undermine Trust in Democracy, Starting With This Very Statement Artificial intelligence holds the potential to undermine trust in democracy - but overwrought warnings themselves can erode trust in the system critics seek to preserve, warns a cybersecurity firm. AI is "a long way from massively influencing our perception of reality and political discourse.

article thumbnail

Customer Spotlight: Achieve Smarter Modernization Beyond Mainframe Architecture  

OpenText Information Management

For organizations where mainframe and COBOL are at the heart of operations, going beyond the bounds of mainframe architecture to efficiently scale and innovate at speed can seem daunting. Fortunately, there are valuable steps you can take to accelerate your digital transformation journey while staying agile in today’s fast-paced multi-cloud world. Recent OpenText research revealed … The post Customer Spotlight: Achieve Smarter Modernization Beyond Mainframe Architecture appeared first on

article thumbnail

MITRE and CISA release Caldera for OT attack emulation

Security Affairs

MITRE and CISA released a Caldera extension for OT that allows the emulation of attacks on operational technology systems. MITRE Caldera is an open-source adversary emulation platform that helps cybersecurity practitioners to automate security assessments. The tool is built on the MITRE ATT&CK framework, which is a widely-recognized framework for understanding and responding to cyber threats. “Without further ado, the MITRE Caldera team is proud to announce the release of Caldera for O

article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

Cybersecurity Mergers Flatline. Here’s Why That Won’t Last.

eSecurity Planet

Much like the rest of technology, merger and acquisition (M&A) activity for cybersecurity companies has been in a slump this year. There are a number of reasons why that won’t last, but still, the decline has been noteworthy. For the first seven months of this year, there were a mere 34 startups that got acquired, according to data from Crunchbase.

article thumbnail

Apple Fixes Zero-Click Bugs Exploited by NSO Group's Spyware

Data Breach Today

'BlastPass' Can Compromise iPhones Running the Latest iOS Version, Researchers Say Apple released patches Thursday to close a zero-click exploit makers of the Pegasus advanced spyware app used to infect at least one iPhone carried by an individual employed at a Washington, D.C.-based civil society organization. The lab calls the exploit "BlastPass.

295
295
article thumbnail

European Commission Designates Gatekeepers Under the Digital Markets Act

Hunton Privacy

On September 6, 2023, the European Commission designated six companies as gatekeepers under Article 3 of the Digital Markets Act (“DMA”). The new gatekeepers are Alphabet, Amazon, Apple, ByteDance, Meta and Microsoft. Jointly, these companies provide 22 core platform services, including social networks, internet browsers, operative systems and mobile app stores.

Marketing 119
article thumbnail

ASUS routers are affected by three critical remote code execution flaws

Security Affairs

Three critical remote code execution vulnerabilities in ASUS routers potentially allow attackers to hijack the network devices. ASUS routers RT-AX55, RT-AX56U_V2, and RT-AC86U are affected by three critical remote code execution vulnerabilities that can potentially allow threat actors to take over the devices. The three vulnerabilities were reported by the Taiwanese CERT, below are their descriptions: CVE-2023-39238 (CVSS 9.8): ASUS RT-AX55, RT-AX56U_V2 and RT-AC86U iperf-related modules set_ipe

Access 127
article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

Data is essential: Building an effective generative AI marketing strategy

IBM Big Data Hub

Generative AI is powering a new world of creative, customized communications, allowing marketing teams to deliver greater personalization at scale and meet today’s high customer expectations. The potential of this powerful new tool spans the entire end-to-end marketing process, from internal communications and productivity to customer-facing channels and product support.

Marketing 119
article thumbnail

Zscaler Data Security Platform Takes on Symantec, CASB Tools

Data Breach Today

CEO Jay Chaudhry: In-Line Inspection, App-to-App Protection Aid Data Defense Growth Zscaler's ability to inspect traffic in-line and secure application-to-application communications has driven massive growth in its data protection business, CEO Jay Chaudhry said. Customers have embraced Zscaler's data protection technology over both incumbents like Symantec as well as CASB tools.

Security 292
article thumbnail

'Evil Telegram' Spyware Campaign Infects 60K+ Mobile Users

Dark Reading

Legitimate-seeming Telegram "mods" available in the official Google Play store for the encrypted messaging app signal the rise of a new enterprise threat.

article thumbnail

A massive DDoS attack took down the site of the German financial agency BaFin

Security Affairs

A distributed denial-of-service (DDoS) attack took the site of the German Federal Financial Supervisory Authority (BaFin) down. A distributed denial-of-service (DDoS) attack took the site of the German Federal Financial Supervisory Authority (BaFin) down for some days. It is not clear who is behind the DDoS attack, but the media speculate that it was launched by pro-Russian hacktivists in response to the German financial and military support to Ukraine.

article thumbnail

10 Rules for Managing Apache Kafka

Without proper guidance, it’s easy to miss out on Kafka’s full capabilities. While not the easiest technology to optimize, Kafka rewards those willing to explore its depths. Under the hood, it is an elegant system for stream processing, event sourcing, and data integration. Download this white paper to learn the 10 critical rules that will help you optimize your Kafka system and unlock its full potential.

article thumbnail

Ransomware Attacks Speed up 44% Leaving Less Time for Detection and Response

KnowBe4

New data suggests that the gangs and toolkits behind current ransomware attacks are materially improving their abilities, resulting in a speeding up of attacks before defenses kick in.

article thumbnail

Netskope Buys Digital Experience Management Startup Kadiska

Data Breach Today

Deal Will Extend DEM Skills to Nontraditional Environments, Nonsecurity Personnel Netskope purchased a French digital experience management startup to monitor and proactively remediate performance issues across both SD-WAN and SSE. The deal will bring network and application performance visibility to user devices as well as hybrid, SaaS and cloud applications.

Cloud 285
article thumbnail

How Companies Can Cope With the Risks of Generative AI Tools

Dark Reading

To benefit from AI yet minimize risk, companies should be cautious about information they share, be aware of AI's limitations, and stay vigilant about business implications.

Risk 119
article thumbnail

Nation-state actors exploit Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus, CISA warns

Security Affairs

U.S. CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that nation-state actors are exploiting security vulnerabilities in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. The US agency has detected the presence of indicators of compromise (IOCs) at an Aeronautical Sector organization as early as January 2023.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

IT Governance Podcast 08.09.23: Electoral Commission (again), Meta, Pôle emploi

IT Governance

This week, we discuss security issues at the Electoral Commission, Meta’s appeal against daily GDPR fines, and a breach affecting 10 million users of the French unemployment agency Pôle emploi. Also available on Spotify , Amazon Music , Apple Podcasts and SoundCloud. Transcript: Hello and welcome to the IT Governance podcast for Friday, 8 September 2023.

article thumbnail

APT28 Spear-Phishes Ukrainian Critical Energy Facility

Data Breach Today

Energy Facility Impeded Attack by Blocking the Launch of the Windows Script Host Ukrainian cyber defenders say Russian military hackers targeted a critical energy infrastructure facility with phishing emails containing a malicious script leading to cyberespionage. An energy facility cyber defender impeded the attack by blocking the launch of indows Script Host, CERT-UA says.

Phishing 285
article thumbnail

The Comedy of Errors That Let China-Backed Hackers Steal Microsoft’s Signing Key

WIRED Threat Level

After leaving many questions unanswered, Microsoft explains in a new postmortem the series of slipups that allowed attackers to steal and abuse a valuable cryptographic key.

Security 114