Sat.Nov 19, 2022 - Fri.Nov 25, 2022

article thumbnail

LockBit 3.0 Says It's Holding a Canadian City for Ransom

Data Breach Today

Ransomware Attack Locks Up Westmount Services and Takes Down Email System The nefarious LockBit 3.0 cybercriminal group is claiming responsibility for the ransomware attack that halted municipal services and shut down employee email accounts in Westmount, Quebec, giving the city a deadline of Dec.

article thumbnail

FIRESIDE CHAT: Anchoring security on granular visibility, proactive management of all endpoints

The Last Watchdog

Endpoints are where all are the connectivity action is. Related: Ransomware bombardments. And securing endpoints has once more become mission critical. This was the focal point of presentations at Tanium’s Converge 2022 conference which I had the privilege to attend last week at the Fairmont Austin in the Texas capital. I had the chance to visit with Peter Constantine, Tanium’s Senior Vice President Product Management.

Analytics 140
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Cybersecurity Pros Put Mastodon Flaws Under the Microscope

Dark Reading

As the open source social media network blows up due to Twitter's troubles, researchers caution about vulnerabilities within the application

article thumbnail

Expert published PoC exploit code for macOS sandbox escape flaw

Security Affairs

A researcher published details and proof-of-concept (PoC) code for High-Severity macOS Sandbox escape vulnerability tracked as CVE-2022-26696. Researcher Wojciech Regu?a

article thumbnail

Subsurface: The Ultimate Data Lakehouse Conference

Speaker: Panel Speakers

We’ve just opened registration for Subsurface LIVE 2023! Learn how to innovate with open source technologies such as Apache Arrow, Delta Lake, and more. Register now to secure your spot at Subsurface LIVE being held March 1-2, 2023.

article thumbnail

Ontario Teachers’ Data Stolen in Ransomware Attack

Data Breach Today

Victims Notified of Ransomware Attack Six Months After the Incident A cyberattack on a Canadian teachers’ union gave thieves access to sensitive data of more than 60,000 members The union is yet to disclose the exact number of affected individuals, but stated that both former and current members are impacted.

More Trending

article thumbnail

'Patch Lag' Leaves Millions of Android Devices Vulnerable

Dark Reading

Months after a fix was issued by a vendor, downstream Android device manufacturers still haven't patched, highlighting a troubling trend

article thumbnail

Black Friday and Cyber Monday, crooks are already at work

Security Affairs

Every year during Black Friday and Cyber Monday, crooks take advantage of the bad habits of users with fraudulent schema. Researchers at Bitdefender Antispam Lab have analyzed during the last weeks the fraudulent activities associated with Black Friday and Cyber Monday.

Retail 108
article thumbnail

Cybercrime Carnage: Cryptocurrency-Targeting Attacks Abound

Data Breach Today

From Cryptojacking to Exchange Hacks to Scam Token Contracts, Innovation Abounds While the cybercrime story for 2022 has yet to be fully written, cryptocurrency theft will no doubt have a starring role.

article thumbnail

How to Avoid Black Friday Scams Online

WIRED Threat Level

Tis the season for swindlers and hackers. Use these tips to spot frauds and keep your payment info secure. Security Security / Security Advice Gear / How To and Advice

Security 107
article thumbnail

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

article thumbnail

Google Blocks 231B Spam, Phishing Emails in Past 2 Weeks

Dark Reading

Google Workspace's team is seeing a spike in phishing and spam hitting Gmail — up 10% in just the last two weeks

Phishing 111
article thumbnail

Experts claim that iPhone’s analytics data is not anonymous

Security Affairs

Researchers discovered that analytics data associated with iPhone include Directory Services Identifier (DSID) that could allow identifying users.

Analytics 107
article thumbnail

Chinese APT Using Google Drive, Dropbox to Drop Malware

Data Breach Today

Evolved Mustang Panda Malware Targets Government, Education, Other Sectors Globally A large-scale cyberespionage campaign by notorious China-based advanced persistent threat actor Mustang Panda is targeting government, academic and other sectors globally.

Education 224
article thumbnail

GUEST ESSAY — Security practices companies must embrace to stop AI-infused cyber attacks

The Last Watchdog

Consider what might transpire if malicious hackers began to intensively leverage Artificial Intelligence (AI) to discover and exploit software vulnerabilities systematically? Related: Bio digital twin can eradicate heart failure. Cyber-attacks would become much more dangerous and much harder to detect. Currently, human hackers often discover security holes by chance; AI could make their hacking tools faster and the success of their tactics and techniques much more systematic.

article thumbnail

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

article thumbnail

Microsoft: Popular IoT SDKs Leave Critical Infrastructure Wide Open to Cyberattack

Dark Reading

Chinese threat actors have already used the vulnerable and pervasive Boa server to infiltrate the electrical grid in India, in spate of malicious incidents

IoT 109
article thumbnail

New improved versions of LodaRAT spotted in the wild

Security Affairs

Cisco Talos spotted multiple updated versions of LodaRAT that were deployed alongside other malware families, including RedLine and Neshta.

article thumbnail

Beating Clever Phishing Through Strong Authentication

Data Breach Today

Successful account takeovers are one of the most common ways that organizations end up with attackers in their systems. But strong authentication can thwart even the most clever phishing campaigns, says Brett Winterford, regional chief security officer for APJ at Okta

article thumbnail

Microsoft Warns of Surge in Token Theft, Bypassing MFA

eSecurity Planet

The Microsoft Detection and Response Team (DART) recently warned that attackers are increasingly using token theft to circumvent multi-factor authentication (MFA).

article thumbnail

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

article thumbnail

Hot Ticket: 'Aurora' Go-Based InfoStealer Finds Favor Among Cyber-Threat Actors

Dark Reading

The infostealer Aurora’s low detection rates and newcomer status are helping it fly under the radar, as more cybercriminal gangs target cryptocurrency wallets and communications apps

article thumbnail

5 API Vulnerabilities That Get Exploited by Criminals

Security Affairs

Let’s give a look at API vulnerabilities by reading the API Security Top 10 published by the Open Web Application Security Project (OWASP).

article thumbnail

DOJ Charges 10 with BEC Targeting Federal Health Program

Data Breach Today

Suspects Allegedly Caused More Than $11 Million in Total Losses The U.S. Department of Justice on Friday charged 10 individuals with using business email compromise and money laundering schemes to target public and private insurers.

Insurance 207
article thumbnail

The Ninth Edition of The Privacy, Data Protection and Cybersecurity Law Review is Now Available

Data Matters

article thumbnail

Checklist Report: Preparing for the Next-Generation Cloud Data Architecture

Data architectures have evolved dramatically. It is time to reconsider the fundamental ways that information is accumulated, managed, and then provisioned to the different downstream data consumers.

article thumbnail

How Development Teams Should Respond to Text4Shell

Dark Reading

Yet another *4Shell exploit highlights the horror of strange visitors into enterprise environments. This Tech Tip focuses on what to do next

107
107
article thumbnail

DEV-0569 group uses Google Ads to distribute Royal Ransomware

Security Affairs

Microsoft warns that a threat actor, tracked as DEV-0569, is using Google Ads to distribute the recently discovered Royal ransomware.

article thumbnail

How Your Organization Can Enhance Its Cybersecurity Posture

Data Breach Today

5 Questions Your Organization Needs to Answer to Better Detect and Defend Against Attacks There are many elements businesses can act on to enhance their cybersecurity strategy. Start by asking yourself these five questions to understand where your business stands and how you can improve

article thumbnail

A Recent, Complex, Ransomware Campaign

KnowBe4

Microsoft has observed a threat actor that’s been running a phishing campaign since August 2022.

article thumbnail

7 Ways to Supercharge Your ABM Strategy with Real-Time Intent

Streaming real-time intent is a homerun for marketing and sales’ account-based marketing (ABM) strategies. With real-time buyer insights, you can be first-in-line to provide solutions and lead better, hyper-personalized conversations.

article thumbnail

Enterprises Pay $1,200 Per Employee Annually to Fight Cyberattacks Against Cloud Collab Apps

Dark Reading

Orgs are in the middle of a rapid increase in the use of new collaboration tools to serve the needs of an increasingly dispersed workforce — and they're paying a very real security price

Cloud 107
article thumbnail

Ducktail information stealer continues to evolve

Security Affairs

The operators behind the Ducktail information stealer continue to improve their malicious code, operators experts warn.

article thumbnail

Cybersecurity Analysis of the FTX Crypto Heist: Part Two

Data Breach Today

On the heels of the recent FTX financial meltdown came the theft of millions of dollars that left thousands of investors, exchanges and others in the lurch. Hugh Brooks of CertiK shares the status of data that FTX stores, the role of regulations and best cybersecurity practices for crypto exchanges