Data Breach Today
NOVEMBER 1, 2023
As Ed Gerck Readies Research Paper, Security Experts Say They Want to See Proof A scientist claims to have developed an inexpensive system for using quantum computing to crack RSA, which is the world's most commonly used public key algorithm. If true, this would be a breakthrough that comes years before experts predicted. Now, they're asking for proof.
Krebs on Security
APRIL 4, 2023
Several domain names tied to Genesis Market , a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnsecurity the domain seizures coincided with “dozens” of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Data Breach Today
JANUARY 6, 2023
Database Will Provide Intelligence of Use to Online Criminals, Expert Warns Expect the recently leaked database containing over 200 million Twitter records to be an ongoing resource for hackers, fraudsters and other criminals operating online, even though 98% of the email addresses it contains have appeared in prior breaches, experts warn.
Security Affairs
DECEMBER 28, 2023
Leaksmas: On Christmas Eve, multiple threat actors released substantial data leaks, Resecurity experts reported. On Christmas Eve, Resecurity protecting Fortune 100 and government agencies globally, observed multiple actors on the Dark Web releasing substantial data leaks. Over 50 million records containing PII of consumers from around the world have been leaked.
Speaker: Lee Andrews, Founder at LJA New Media & Tony Karrer, Founder and CTO at Aggregage
This session will walk you through how one CEO used generative AI, workflow automation, and sales personalization to transform an entire security company—then built the Zero to Strategy framework that other mid-market leaders are now using to unlock 3.5x ROI. As a business executive, you’ll learn how to assess AI opportunities in your business, drive adoption across teams, and overcome internal resource constraints—without hiring a single data scientist.
Dark Reading
SEPTEMBER 15, 2023
ALPHV/BlackCat ransomware operators have used their leak site to "set the record straight" about the MGM Resorts cyberattack. Meanwhile, more attacks abusing Okta could be likely.
Information Management Today brings together the best content for information management professionals from the widest variety of industry thought leaders.
Dark Reading
OCTOBER 24, 2023
Hundreds of millions of users of Grammarly, Vidio, and the Indonesian e-commerce giant Bukalapak are at risk for financial fraud and credential theft due to OAuth misfires -- and other online services likely have the same problems.
Data Protection Report
NOVEMBER 28, 2023
In a world where generative AI is driving innovation and technology is outpacing legislation, there’s a lot for companies to consider to maintain operational effectiveness and minimize risk. To help provide some guidance, Norton Rose Fulbright Canada hosted its 2023 technology, privacy and cybersecurity virtual summit. Our leading lawyers were joined by prominent industry leaders to discuss and explore the latest developments, challenges and opportunities in the technology, privacy, and cybersec
Data Breach Today
SEPTEMBER 1, 2023
Bill 'Poses a serious threat' to end-to-end encryption, Apple Says U.S. tech companies are stepping up warnings to British lawmakers over a government proposal they say will fatally weaken security and privacy protections for users. The House of Lords is set to return the bill to the House of Commons after a third reading scheduled to begin Wednesday.
Jamf
NOVEMBER 7, 2023
Jamf Threat Labs discovered a new later-stage malware variant from BlueNoroff that shares characteristics with their RustBucket campaign. Read this blog to learn more about this malware and view the indicators of compromise.
Speaker: Alex Salazar, CEO & Co-Founder @ Arcade | Nate Barbettini, Founding Engineer @ Arcade | Tony Karrer, Founder & CTO @ Aggregage
There’s a lot of noise surrounding the ability of AI agents to connect to your tools, systems and data. But building an AI application into a reliable, secure workflow agent isn’t as simple as plugging in an API. As an engineering leader, it can be challenging to make sense of this evolving landscape, but agent tooling provides such high value that it’s critical we figure out how to move forward.
Security Affairs
DECEMBER 10, 2023
WordPress 6.4.2 addressed a security vulnerability that could be chained with another flaw to achieve remote code execution. WordPress released a security update to address a flaw that can be chained with another issue to gain remote code execution. According to the advisory, the RCE flaw is not directly exploitable in the core, however, threat actors can chain it with some plugins, especially in multisite installations, to execute arbitrary code. “A Remote Code Execution vulnerability tha
Security Affairs
DECEMBER 25, 2023
The threat actor UAC-0099 is exploiting a flaw in the WinRAR to deliver LONEPAGE malware in attacks against Ukraine. A threat actor, tracked as UAC-0099, continues to target Ukraine. In some attacks, the APT group exploited a high-severity WinRAR flaw CVE-2023-38831 to deliver the LONEPAGE malware. UAC-0099 threat actor has targeted Ukraine since mid-2022, it was spotted targeting Ukrainian employees working for companies outside of Ukraine.
Security Affairs
DECEMBER 18, 2023
A group of Pro-Israel hacktivists, called Predatory Sparrow, is suspected of having carried out a cyber attack against petrol stations across Iran. A Pro-Israel hacktivist group, called Predatory Sparrow (or Gonjeshke Darande in Persian), is suspected of having carried out a cyber attack against petrol stations across Iran. Iranian state TV and Israeli local media reported that the attack took place on Monday and disrupted services at petrol stations in Iran.
Security Affairs
DECEMBER 9, 2023
Threat actors launched a cyberattack on an Irish water utility causing the interruption of the power supply for two days. Threat actors hacked a small water utility in Ireland and interrupted the water supply for two days. The victim of the attack is a private group water utility in the Erris area, the incident impacted 180 homeowners. According to the Irish media , the residents of the Binghamstown/Drum were without their water supply on Thursday and Friday.
Speaker: Frank Taliano
Documents are the backbone of enterprise operations, but they are also a common source of inefficiency. From buried insights to manual handoffs, document-based workflows can quietly stall decision-making and drain resources. For large, complex organizations, legacy systems and siloed processes create friction that AI is uniquely positioned to resolve.
Security Affairs
DECEMBER 8, 2023
Researchers devised a novel attack vector for process injection, dubbed Pool Party, that evades EDR solutions. Researchers from cybersecurity firm SafeBreach devised a set of process injection techniques, dubbed Pool Party, that allows bypassing EDR solutions. They presented the technique at Black Hat Europe 2023. The experts relied on the less-explored Windows thread pools to discover a novel attack vector for process injection.
Security Affairs
DECEMBER 10, 2023
Researchers discovered a lock screen bypass bug in Android 14 and 13 that could expose sensitive data in users’ Google accounts. The security researcher Jose Rodriguez ( @VBarraquito ) discovered a new lock screen bypass vulnerability for Android 14 and 13. A threat actor with physical access to a device can access photos, contacts, browsing history and more.
Security Affairs
NOVEMBER 20, 2023
The DarkCasino APT group leveraged a recently disclosed WinRAR zero-day vulnerability tracked as CVE-2023-38831. Researchers at cybersecurity firm NSFOCUS analyzed DarkCasino attack pattern exploiting the WinRAR zero-day vulnerability tracked as CVE-2023-38831. The economically motivated APT group used specially crafted archives in phishing attacks against forum users through online trading forum posts. “DarkCasino is an APT threat actor with strong technical and learning ability, who is g
Security Affairs
DECEMBER 31, 2023
Google has agreed to settle a $5 billion privacy lawsuit, which alleged that the company monitored individuals using the Chrome “incognito” mode. Google agreed to settle a $5 billion privacy lawsuit over claims that the company monitored online activity of people who used the ‘incognito’ mode in its Chrome web browser. The class action, filed in 2020 by law firm Boies Schiller Flexner, alleges that the IT giant deceived users, leading them to believe their online activiti
Advertiser: ZoomInfo
AI adoption is reshaping sales and marketing. But is it delivering real results? We surveyed 1,000+ GTM professionals to find out. The data is clear: AI users report 47% higher productivity and an average of 12 hours saved per week. But leaders say mainstream AI tools still fall short on accuracy and business impact. Download the full report today to see how AI is being used — and where go-to-market professionals think there are gaps and opportunities.
WIRED Threat Level
OCTOBER 9, 2023
People who have turned to X for breaking news about the Israel-Hamas conflict are being hit with old videos, fake photos, and video game footage at a level researchers have never seen.
Security Affairs
OCTOBER 8, 2023
Researchers warn that more than 70,000 Android smartphones, CTV boxes, and tablets were shipped with backdoored firmware as part of BADBOX network. Cybersecurity researchers at Human Security discovered a global network of consumer products, dubbed BADBOX, with firmware backdoors installed and sold through a compromised hardware supply chain. The experts reported that at least 74,000 Android-based mobile phones, tablets, and Connected TV boxes worldwide were shipped with the backdoored firmware.
WIRED Threat Level
OCTOBER 6, 2023
At least a million data points from 23andMe accounts appear to have been exposed on BreachForums. While the scale of the campaign is unknown, 23andMe says it's working to verify the data.
Security Affairs
DECEMBER 29, 2023
The Resecurity’s HUNTER unit spotted a new version of the Meduza stealer (version (2.2)) that was released in the dark web. On Christmas Eve, Resecurity’s HUNTER unit spotted the author of perspective password stealer Meduza has released a new version (2.2). One of the key significant improvements are support of more software clients (including browser-based cryptocurrency wallets), upgraded credit card (CC) grabber, and additional advanced mechanisms for password storage dump on var
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
SEPTEMBER 27, 2023
DarkBeam left an Elasticsearch and Kibana interface unprotected, exposing records from previously reported and non-reported data breaches. The leaked logins present cybercriminals with almost limitless attack capabilities. DarkBeam, a digital risk protection firm, left an Elasticsearch and Kibana interface unprotected, exposing records with user emails and passwords from previously reported and non-reported data breaches.
Security Affairs
DECEMBER 18, 2023
An alleged Lockbit 3.0 ransomware attack on the Italian cloud service provider Westpole disrupted multiple services of local and government organizations and municipalities. A cyber attack hit on December 8, 2023 the Italian cloud service provider Westpole, which is specialized in digital services for public administration. The incident impacted a Westpole’s customer company named PA Digitale which offers its services to various local and government organizations that rely on its platform
Security Affairs
DECEMBER 25, 2023
Microsoft reports that the Iran-linked APT33 group is targeting defense contractors worldwide with FalseFont backdoor. Microsoft says the APT33 (aka Peach Sandstorm , Holmium , Elfin , and Magic Hound ) Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack against organizations in the Defense Industrial Base (DIB) sector. “Microsoft has observed the Iranian nation-state actor Peach Sandstorm attempting to deliver a newly developed backdoor named
WIRED Threat Level
OCTOBER 10, 2023
X’s Trust and Safety team says it’s working to remove false information related to the Israel-Hamas war. Meanwhile, Elon Musk is sharing conspiracies and chatting with QAnon promoters.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
NOVEMBER 6, 2023
Google warns of multiple threat actors that are leveraging its Calendar service as a command-and-control (C2) infrastructure. Google warns of multiple threat actors sharing a public proof-of-concept (PoC) exploit, named Google Calendar RAT, that relies on Calendar service to host command-and-control (C2) infrastructure. Google Calendar RAT is a PoC of Command&Control (C2) over Google Calendar Events, it was developed red teaming activities. “To use GRC, only a Gmail account is require
Security Affairs
OCTOBER 4, 2023
Sony Interactive Entertainment has notified current and former employees and their family members about a data breach. Sony Interactive Entertainment (SIE) has notified current and former employees and their family members about a data breach that exposed their personal information. Sony notified about 6,800 individuals, it confirmed that the security breach was the result of the exploitation of the zero-day vulnerability CVE-2023-34362 in the MOVEit Transfer platform.
Security Affairs
OCTOBER 3, 2023
Researchers have identified the exfiltration infrastructure of a LockBit affiliate while investigating a LockBit extortion incident that occurred in Q3 2023. Executive Summary We investigated a recent LockBit extortion incident that occurred in Q3 2023, which involved an unusual FTP server located in Moscow. The hostname of this server was identified as matching many hostnames found in various posts on the LockBit leak site.
Expert insights. Personalized for you.
364 
Let's personalize your content