2024

article thumbnail

National Public Data Published Its Own Passwords

Krebs on Security

New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today.

Passwords 356
article thumbnail

Proactive Network Security: Lessons From CrowdStrike Outage

Data Breach Today

Claroty CEO Vardi on Compensating Controls, Segmentation and Secure Remote Access The recent CrowdStrike outage highlights the need to shift from reactive risk management to proactive measures in cyber-physical security. Claroty CEO Yaniv Vardi emphasizes the importance of compensating controls, network segmentation and secure remote access in preventing similar incidents.

Security 328
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

LW ROUNDTABLE: CrowdStrike outage reveals long road ahead to achieve digital resiliency

The Last Watchdog

Last week, CrowdStrike, one of the cybersecurity industry’s most reputable solution providers, inadvertently caused more disruption across the Internet than all the threat actors active online at the time. Related: Microsoft blames outage on EU A flawed update to CrowdStrike’s Falcon security software caused millions of computers running Microsoft Windows to display the infamous blue screen of death.

article thumbnail

Thanks to AI, GIGO is More Relevant Than Ever

Weissman's World

The adage “garbage in, garbage out” (GIGO) has been around for nearly 70 years, and it’s never been more relevant thanks to the intensifying need for information governance and the emergence of generative and agentic AI as potential disruptors. Regardless of your mandate (e.g., regulatory compliance, privacy protection, migration to the cloud), the core principle… Read More » Thanks to AI, GIGO is More Relevant Than Ever The post Thanks to AI, GIGO is More Relevant T

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Krebs on Security

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt.

Passwords 359

More Trending

article thumbnail

BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare

Krebs on Security

There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. “ ALPHV “) as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, the cybercriminal who claims to have given BlackCat access to Change’s network says the crime gang cheated them out of their share of the ransom, and that they st

article thumbnail

U.S. Internet Leaked Years of Internal, Customer Emails

Krebs on Security

The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence , which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web browser

Education 350
article thumbnail

Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers

Krebs on Security

On April 9, Twitter/X began automatically modifying links that mention “twitter.com” to read “x.com” instead. But over the past 48 hours, dozens of new domain names have been registered that demonstrate how this change could be used to craft convincing phishing links — such as fedetwitter[.]com , which until very recently rendered as fedex.com in tweets.

Phishing 339
article thumbnail

Hackers Steal Phone, SMS Records for Nearly All AT&T Customers

Krebs on Security

AT&T Corp. disclosed today that a new data breach has exposed phone call and text message records for roughly 110 million people — nearly all of its customers. AT&T said it delayed disclosing the incident in response to “national security and public safety concerns,” noting that some of the records included data that could be used to determine where a call was made or text message sent.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Why Phishers Love New TLDs Like.shop,top and.xyz

Krebs on Security

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as.shop ,top ,xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees the domain name industry is moving forward with plans to introduce a slew of new gTLDs.

Phishing 239
article thumbnail

Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Krebs on Security

Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased. Friends and family who follow the links for the streaming services are then asked to cough up their credit card information. Recently, these scammers have branched out into offering fake streaming services for nearly any kind of event advertised on Facebook.

article thumbnail

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.

Passwords 338
article thumbnail

UK NHS Hospital Reports 'Major' Cyberincident

Data Breach Today

Outpatient Appointments Cancelled at Wirral University Teaching Hospital A U.K. National Heath Service teaching hospital in northwest England reported a major cyberincident on Tuesday that forced the healthcare facility to cancel outpatient appointments for the day.

291
291
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Alert: Info Stealers Target Stored Browser Credentials

Data Breach Today

Calls Grow to Block Browser-Based Password Storage as Malware Comes Calling Saving passwords in browser-based password managers or via "remember my details" website options might make for simple and fast log-ins for employees, but they also give attackers an easy way to lift legitimate credentials, oftentimes via highly automated, information-stealing malware, experts warn.

Passwords 333
article thumbnail

Fraudsters Deepfake Entire Meeting, Swindle $25.5M

Data Breach Today

Hong Kong Company Scammed After Criminals Used Deepfake Technology to Imitate CFO Fraudsters used deepfake technology to trick an employee at a Hong Kong-based multinational company to transfer $25.57 million to their bank accounts. Hong Kong Police said Sunday that the fraudsters had created deepfake likenesses of top company executives in a video conference to fool the worker.

333
333
article thumbnail

French Government Investigates Suspected Chinese Espionage

Data Breach Today

National Police Probe Botnet Campaign That Infected 3,000 Machines The French government has launched an investigation into a suspected Chinese espionage campaign that infected thousands of networks in France. The botnet campaign pushed out the PlugX remote access Trojan that has infected 3,000 machines in France since 2020.

article thumbnail

CEO of data privacy company Onerep.com founded dozens of people-search firms

Krebs on Security

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Embargo Ransomware Disables Security Defenses

Data Breach Today

New Ransomware Group Deploys Rust-Based Tools in Attacks A recently constituted and apparently well-resourced ransomware player is developing and testing tools to disable security defenses, including a method that exploits a vulnerability in drivers. Embargo first surfaced in April amid an ongoing shakeup in the ransomware world.

article thumbnail

Change Healthcare's Breach Costs Could Reach $2.5 Billion

Data Breach Today

Costs Have Already Hit $2 Billion, Parent Company UnitedHealth Group Reports Fallout from the February ransomware hit on Change Healthcare, including the theft of data pertaining to up to one-third of Americans, has so far led to $2 billion in costs and may yet reach $2.5 billion, says parent company UnitedHealth Group.

article thumbnail

Zero Days Top Cybersecurity Agencies' Most-Exploited List

Data Breach Today

Cybersecurity Officials Urge to Prioritize Fixing These 15 Most-Exploited Flaws Which vulnerabilities need fixing first to best block nation-state and other hacking attempts? Enter the latest Five Eyes intelligence partnership list of the 15 flaws most targeted by attackers, of which 11 were zero-days. Many organizations have yet to patch them all.

article thumbnail

CISA Unveils 'Exceptionally Risky' Software Bad Practices

Data Breach Today

CISA and FBI Warn Software Providers to Avoid Risky Development Practices The Cybersecurity and Infrastructure Security Agency and the FBI released a joint advisory urging software providers to avoid risky practices like using memory-unsafe languages and other techniques that could jeopardize critical infrastructure and national security.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

This Windows PowerShell Phish Has Scary Potential

Krebs on Security

Many GitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows use

Phishing 311
article thumbnail

European Police Make Headway Against Darknet Drug Markets

Data Breach Today

Nordic Authorities Takedown Sipulitie, Dutch Police Arrest Alleged Bohemia Admins October has been a good month for European police agencies shutting down dark web marketplaces, with Dutch, Finnish and Swedish police announcing server seizures and suspect arrests. It's been more than a decade since Ross "Dread Pirate Roberts" Ulbricht initiated an era of online criminal bazaars.

Marketing 305
article thumbnail

Global Microsoft Meltdown Tied to Bad Crowdstrike Update

Krebs on Security

A faulty software update from cybersecurity vendor Crowdstrike crippled countless Microsoft Windows computers across the globe today, disrupting everything from airline travel and financial institutions to hospitals and businesses online. Crowdstrike said a fix has been deployed, but experts say the recovery from this outage could take some time, as Crowdstrike’s solution needs to be applied manually on a per-machine basis.

article thumbnail

Insurers Drop Bid to Exclude Merck's $1.4B NotPetya Claims

Data Breach Today

A Settlement Has Been Reached. So, How Might This Affect Similar Cases? A proposed settlement has been reached between Merck & Co. and several insurers that were appealing a 2023 court decision saying the insurance companies could not invoke "hostile warlike action" exclusions in refusing to pay drugmakers' claims filed after the 2017 NotPetya cyberattack.

Insurance 329
article thumbnail

Driving Responsible Innovation: How to Navigate AI Governance & Data Privacy

Speaker: Aindra Misra, Senior Manager, Product Management (Data, ML, and Cloud Infrastructure) at BILL

Join us for an insightful webinar that explores the critical intersection of data privacy and AI governance. In today’s rapidly evolving tech landscape, building robust governance frameworks is essential to fostering innovation while staying compliant with regulations. Our expert speaker, Aindra Misra, will guide you through best practices for ensuring data protection while leveraging AI capabilities.

article thumbnail

Meta Hit Again With Targeted Advertising Limits In Europe

Data Breach Today

European Court of Justice Says Meta May Not Indefinitely Retain User Data Targeted advertising may face additional restrictions following a ruling by the top European Union court that social media giant Meta cannot indefinitely retain user data. Nor can it use data for advertising "without distinction as to type of data," the European Court of Justice said Friday.

IT 305
article thumbnail

Microsoft Says Test Account Gave Hackers Keys to the Kingdom

Data Breach Today

Postmortem: Multiple Customers Also Targeted by Russian Nation-State Attackers A nation-state hacking group run by Russian intelligence gained access to a Microsoft "legacy, non-production test tenant account" and used it to authorize malicious Office 365 OAuth applications, access Outlook, and steal Microsoft and customers' emails and attachments, Microsoft said.

Access 326
article thumbnail

Microsoft: Russian Hackers Had Access to Executives' Emails

Data Breach Today

Computing Giant Says Hackers Did Not Access Customer Data or Production Systems Russian state hackers obtained access to the inboxes of senior Microsoft executives for at least six weeks, the computing giant disclosed late Friday afternoon. "There is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems.

Access 325