February, 2023

article thumbnail

Notorious Finnish Hacker 'Zeekill' Busted by French Police

Data Breach Today

Aleksanteri Kivimaki Charged With Mental Health Patient Data Breach and Extortion French police arrested hacker Aleksanteri Kivimäki, 25, who's suspected of hacking and extorting a Finnish mental health service provider, leaking patient data and extorting 25,000 patients.

article thumbnail

KrebsOnSecurity in Upcoming Hulu Series on Ashley Madison Breach

Krebs on Security

KrebsOnSecurity will likely have a decent amount of screen time in an upcoming Hulu documentary series about the 2015 megabreach at marital infidelity site Ashley Madison.

Security 173
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

FIRESIDE CHAT: New automated tools, practices ascend to help companies wrangle PKI

The Last Watchdog

Arguably one of the biggest leaps forward an enterprise can make in operational reliability, as well as security, is to shore up its implementations of the Public Key Infrastructure. Related: Why the ‘Matter’ standard matters Companies have long relied on PKI to deploy and manage the digital certificates and cryptographic keys that authenticate and protect just about every sensitive digital connection you can name.

article thumbnail

DPRK Using Unpatched Zimbra Devices to Spy on Researchers

Dark Reading

Lazarus Group used a known Zimbra bug to steal data from medical and energy researchers

113
113
article thumbnail

Contact vs. Company Intent Signal Data

Intent signal data comes in two types: either companies or individuals signaling interest in products like yours. Which kind of data delivers more advantages to B2B marketers? It depends. Get this infographic to learn about the advantages of intent-based leads and how you can most effectively use both types of data.

article thumbnail

Finland’s Most-Wanted Hacker Nabbed in France

Hacker News

Julius “Zeekill” Kivimäki, a 25-year-old Finnish man charged with extorting a local online psychotherapy practice and leaking therapy notes for more than 22,000 patients online, was arrested this week in France.

ROT 110

More Trending

article thumbnail

Hackers Posing as Ukrainian Ministry Deploy Info Stealers

Data Breach Today

Spoofed Polish Police Websites Also Found Ukrainian and Polish cyber defenders are warning against a slew of phishing websites that mimic official sites, in particular a page that mimics the Ministry of Foreign Affairs of Ukraine.

Phishing 196
article thumbnail

OpenText comments on IBM’s meritless claim against Micro Focus

OpenText Information Management

Last week I was delighted for OpenText to complete the acquisition of Micro Focus and welcome its customers, partners and employees to OpenText. We have significantly expanded our mission in Information Management.

IT 86
article thumbnail

GUEST ESSAY: Advanced tools are ready to help SMBs defend Microsoft 365, Google Workspace

The Last Watchdog

Throughout 2022, we saw hackers become far more sophisticated with their email-based cyber attacks. Using legitimate services and compromised corporate email addresses became a norm and is likely to continue in 2023 and beyond. Related: Deploying human sensors Additionally, with tools like ChatGPT, almost anyone can create new malware and become a threat actor.

article thumbnail

'Money Lover' Finance App Exposes User Data

Dark Reading

A broken access control vulnerability could have led to dangerous follow-on attacks for users of the money-management app

Access 113
article thumbnail

Subsurface: The Ultimate Data Lakehouse Conference

Speaker: Panel Speakers

We’ve just opened registration for Subsurface LIVE 2023! Learn how to innovate with open source technologies such as Apache Arrow, Delta Lake, and more. Register now to secure your spot at Subsurface LIVE being held March 1-2, 2023.

article thumbnail

AIs as Computer Hackers

Schneier on Security

Hacker “Capture the Flag” has been a mainstay at hacker gatherings since the mid-1990s. It’s like the outdoor game, but played on computer networks. Teams of hackers defend their own computers while attacking other teams’.

article thumbnail

Netflix’s US Password-Sharing Crackdown Isn’t Happening—Yet

WIRED Threat Level

Accidental revisions to a US Help Center page sparked confusion about the streamer's next moves. But restrictions on account sharing are still coming soon. Security Security / Security News

article thumbnail

IBM Security GM on Seeing a Target Through the Hacker's Eyes

Data Breach Today

Mary O'Brien on How External Attack Surface Management Finds Internet-Facing Issues Companies can be blinded by their inside-out view and often benefit from another set of eyes that see their business the same way an attacker would, says IBM's Mary O'Brien.

article thumbnail

Forget the IoT. Meet the IoZ: our Internet of Zombie things

The Security Ledger

A school that never sleeps? Cameras that go dark? A dead company hacked back to life? Welcome to the growing Internet of Zombie devices that threatens the security of the Internet. The post Forget the IoT. Meet the IoZ: our Internet of Zombie things appeared first on The Security Ledger with Paul F.

IoT 83
article thumbnail

Intent Signal Data 101

Intent signal data helps B2B marketers engage with buyers sooner in the sales cycle. But there are many confusing terms used to describe intent data. Read this infographic to better understand three common areas of confusion.

article thumbnail

GUEST ESSAY: The common thread between China’s spy balloons and Congress banning Tik Tok

The Last Watchdog

The decision by the House of Representatives to ban TikTok from federal devices is noteworthy, especially as the Chinese spy balloon crisis unfolds. Related: The Golden Age of cyber espionage On December 23, 2022, Congress, in a bipartisan spending bill, banned TikTok from all government devices. The White House, the Pentagon, the Department of Homeland Security, and the State Department have already banned the social media app, as have more than a dozen other states.

Access 114
article thumbnail

Ongoing VMware ESXi Ransomware Attack Highlights Inherent Virtualization Risks

Dark Reading

The global assault on vulnerable VMware hypervisors may have been mitigated by updating to the latest version of the product, but patch management is only part of the story

Risk 108
article thumbnail

A Close Call – PayPal Scam Warning

KnowBe4

On Sunday, I received an urgent message from a friend. PayPal had sent him an email saying that a co-worker had sent him money. This was not unexpected, as he was collecting contributions towards a farewell gift for another coworker.

IT 81
article thumbnail

Biden’s SOTU: Data Privacy Is Now a Must-Hit US State of the Union Topic

WIRED Threat Level

Biden’s speech proves that protecting personal info is no longer a fringe issue. Now, Congress just needs to do something about it. Security Security / Privacy

article thumbnail

Data Value Scorecard Report

This report examines the quantitative research of data leaders on data value and return on investment.

article thumbnail

LockBit Group Goes From Denial to Bargaining Over Royal Mail

Data Breach Today

Ransomware Remains a Royal Pain, as Criminals' Latest Extortion Attempt Highlights The LockBit group has gone from denying it had any involvement in the ransomware attack on Britain's Royal Mail, to trying to bargain for a ransom.

article thumbnail

OpenSSH addressed a new pre-auth double free vulnerability

Security Affairs

The maintainers of OpenSSH address multiple security issues, including a memory safety bug in the OpenSSH server (sshd). The maintainers of OpenSSH have addressed a number of security vulnerabilities with the release of version 9.2.

article thumbnail

Passwords Are Terrible (Surprising No One)

Schneier on Security

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were

article thumbnail

Inside Killnet: Pro-Russia Hacktivist Group's Support and Influence Grows

Dark Reading

Killnet is building its profile, inspiring jewelry sales and rap anthems. But the impact of its DDoS attacks, like the ones that targeted 14 major US hospitals this week, remain largely questionable

Sales 114
article thumbnail

TCO Considerations of Using a Cloud Data Warehouse for BI and Analytics

Enterprises poured $73 billion into data management software in 2020 – but are seeing very little return on their data investments. 22% of data leaders surveyed have fully realized ROI in the past two years, with 56% having no consistent way of measuring it.

article thumbnail

Thinking Critically About Your Online Behavior

KnowBe4

Employees need to adjust their mindsets in order to defend themselves against social engineering attacks, according to Jonathon Watson at Clio.

article thumbnail

Introducing the Jamf Learning Hub

Jamf

Check out the new Jamf Learning Hub to find the product technical content you need, when you need it to get the most out of Jamf products and succeed with Apple

IT 111
article thumbnail

Dragos CEO on Opening Execs' Eyes to OT Security Threats

Data Breach Today

Why COVID-19 Made Leaders Realize Just How Connected OT Networks Really Are Executives underestimated the security risk associated with operational technology based on the erroneous belief that OT networks are highly segmented or air gapped.

article thumbnail

Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw

Security Affairs

Censys found 30,000 internet-facing QNAP appliances potentially impacted by a recently disclosed critical code injection flaw.

IoT 81
article thumbnail

12 Considerations When Evaluating Data Lake Engine Vendors for Analytics and BI

Businesses today compete on their ability to turn big data into essential business insights. Modern enterprises leverage cloud data lakes as the platform used to store data. 57% of the enterprises currently using a data lake cite improved business agility as a benefit.

article thumbnail

Attacking Machine Learning Systems

Schneier on Security

The field of machine learning (ML) security—and corresponding adversarial ML—is rapidly advancing as researchers develop sophisticated techniques to perturb, disrupt, or steal the ML model or data.

article thumbnail

Command-Injection Bug in Cisco Industrial Gear Opens Devices to Complete Takeover

Dark Reading

Two security holes — one particularly gnarly — could allow hackers the freedom to do as they wish with the popular edge equipment

Security 114
article thumbnail

KnowBe4 Wins Winter 2023 "Best of" Awards From TrustRadius in Multiple Categories

KnowBe4

KnowBe4 is proud to be recognized by TrustRadius in the “Best Of” Awards for overall, best feature set, best relationship, and best value for price in the Security Awareness Training software category. Security Awareness Training