Tue. Sep 01, 2020


Personal Information of Millions of US Voters Available on Dark Web

Adam Levin

Databases containing the personal information of millions of U.S. voters have appeared on Russian hacking forums. According to Russian news outlet Kommersant, a hacker called Gorka9 has posted the personal information of several million registered voters in Michigan, Arkansas, Connecticut, Florida, and South Carolina. The data includes names, birthdates, gender, mailing addresses, email addresses and polling station numbers.


North Korea ATM Hack

Schneier on Security

The US Cybersecurity and Infrastructure Security Agency (CISA) published a long and technical alert describing a North Korea hacking scheme against ATMs in a bunch of countries worldwide: This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), the Federal Bureau of Investigation (FBI) and U.S.


Ransomware attacks continue to dominate the threat landscape

Tech Republic Security

Cybercriminals are increasingly exploiting the Cobalt Strike testing toolkit to carry out ransomware campaigns, says Cisco Talos Incident Response.


France will not ban Huawei from its upcoming 5G networks

Security Affairs

French President Emmanuel Macron announced that France won’t ban the Chinese giant Huawei from its upcoming 5G telecommunication networks. French President Emmanuel Macron announced that his government will not exclude Chinese telecom giant Huawei from the building of the upcoming 5G telecommunication networks. However, Macron said that France will favor European providers of 5G technology due to security concerns.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


AI on the Email Offense

Dark Reading

Mass domain purchasing enables email attackers to slip by traditional defenses. Here's how artificial intelligence can stop them.


Details of millions of U.S. Voters leaked to Russia’s Dark Web forum

Security Affairs

Russia’s Kommersant business newspaper reported that a database containing millions of American voters’ details has appeared on the Russian dark web. A database containing several million American voters’ personal information has appeared on the Russian dark web, Russia’s Kommersant business newspaper reported this week. The news is worrisome due to the upcoming presidential elections in the US and the fear of foreign interference.


Norway’s Parliament, Stortinget, discloses a security breach

Security Affairs

Hackers breached Norway’s Parliament, Stortinget, and accessed email for a small number of parliamentary representatives and employees. Norway’s parliament announced Tuesday that it was the target of a major cyber-attack that allowed hackers to access emails and data of a small number of parliamentary representatives and employees. “The parliament has recently been targeted in a vast cyber attack,” reads a statement from Norway’s parliament. “There have b


U.S. Voter Databases Offered for Free on Dark Web, Report

Threatpost

Some underground forum users said they're monetizing the information through the State Department's anti-influence-campaign effort.


ISO 27701 Paves the Way for a Strategic Approach to Privacy

Dark Reading

As the first certifiable international privacy management standard, ISO 27701 is a welcome addition to the existing set of common security frameworks.


Iran-linked APT group Pioneer Kitten sells access to hacked networks

Security Affairs

Iran-linked APT group Pioneer Kitten is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers. Iran-linked APT group Pioneer Kitten, also known as Fox Kitten or Parisite, is now trying to monetize its efforts by selling access to some of the networks it has hacked to other hackers. The Iranian hacker group has been attacking corporate VPNs over the past months, they have been hacking VPN servers to plant backdoors in companies around the worl


Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


Google and Apple Change Tactics on Contact Tracing Tech

WIRED Threat Level

The companies will handle more of the technology for notifying people who may have been exposed to the coronavirus. Privacy won't be affected, they say.


FBI: Ring Smart Doorbells Could Sabotage Cops

Threatpost

While privacy advocates have warned against Ring's partnerships with police, newly unearthed documents reveal FBI concerns about 'new challenges' smart doorbell footage could create for cops.


Tor launches Tor Project Membership Program to financially support its work

Security Affairs

The Tor Project announced the launch of the Tor Project Membership Program to financially support the work of the organization. The Tor Project launched the Tor Project Membership Program to financially support its work. The move aims at diversifying funding in the budget of the organization and to increase unrestricted funds for the software development of Tor and other tools.


Anti-Phishing Startup Pixm Aims to Hook Browser-Based Threats

Dark Reading

Pixm visually analyzes phishing websites from a human perspective to detect malicious pages people might otherwise miss.


Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?


Magecart Credit-Card Skimmer Adds Telegram as C2 Channel

Threatpost

In a rare move, the encrypted messaging service is being used to send stolen payment-card data from websites back to cybercriminals.


New APT Pioneer Kitten Linked to Iranian Government

Dark Reading

The group's targets have primarily been North American and Israeli entities, with a focus on technology, government, defense, and healthcare.


Magento Sites Vulnerable to RCE Stemming From Magmi Plugin Flaws

Threatpost

Two flaws - one of them yet to be fixed - are afflicting a third-party plugin used by Magento e-commerce websites.


Apple Signs Shlayer, Legitimizes Malware

Dark Reading

Shlayer, a common macOS Trojan, received Apple's notary certification and place in the App Store -- twice.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.


Announcing new reward amounts for abuse risk researchers

Google Security

Posted by Marc Henson, Lead and Program Manager, Trust & Safety; Anna Hupa, Senior Strategist, at Google It has been two years since we officially expanded the scope of Google’s Vulnerability Reward Program (VRP) to include the identification of product abuse risks. Thanks to your work, we have identified more than 750 previously unknown product abuse risks, preventing abuse in Google products and protecting our users.


New Threat Activity by Lazarus Group Spells Trouble For Orgs

Dark Reading

The North Korea-backed group has launched several campaigns to raise revenue for cash-strapped nation's missile program, security experts say.


Pioneer Kitten APT Sells Corporate Network Access

Threatpost

The Iran-based APT has infiltrated multiple VPNs using open-source tools and known exploits.


The Hacker Mind Podcast: Can a Machine Think Like A Hacker?

ForAllSecure

If you’re a fan of The Game of Thrones, then here’s a little known bit of trivia. In 1970, a young science fiction writer turned chess player, George RR Martin, played with his Northwestern University team against one of the fastest computers of the time -- and the humans won. It would take another 27 years before IBM’s Deep Blue defeated world chess champion Garry Kasparov, and -- how’s this for a coincidence?


Successful Change Management with Enterprise Risk Management

Speaker: William Hord, Vice President of ERM Services

A well-defined change management process is critical to minimizing the impact that change has on your organization. Leveraging the data that your ERM program already contains is an effective way to help create and manage the overall change management process within your organization. Your ERM program generally assesses and maintains detailed information related to strategy, operations, and the remediation plans needed to mitigate the impact on the organization.


Poll: Help Wanted

Dark Reading

Is your security team hiring?


A 32-Step PCI Compliance Checklist for Reference & Self-Check

Spinone

Does your company accept credit card payments from customers but lack practices for securing this information? If yes, you are walking on thin ice by risking your customers’ financial safety and your credibility as a company. But you, apparently, know that all already—that’s why you are here. What you should understand in the first place is that you can’t just tick all the checkboxes and meet PCI standards once and for all.


MY TAKE: Lessons learned from the summer of script kiddies hacking Twitter, TikTok

The Last Watchdog

Graham Ivan Clark, Onel de Guzman and Michael Calce. These three names will go down in the history of internet commerce, right alongside Jack Dorsey, Mark Zuckerberg and Jeff Bezos. Related: How ‘Zero Trust’ is compatible with agile computing We’re all familiar with the high-profile entrepreneurs who gave us the tools and services that underpin our digital economy.
