Tue. Apr 04, 2023

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

Krebs on Security

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. Sources tell KrebsOnSecurity the domain seizures coincided with “dozens” of arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly


North Korea Hacking Cryptocurrency Sites with 3CX Exploit

Schneier on Security

News: Researchers at Russian cybersecurity firm Kaspersky today revealed that they identified a small number of cryptocurrency-focused firms as at least some of the victims of the 3CX software supply-chain attack that’s unfolded over the past week. Kaspersky declined to name any of those victim companies, but it notes that they’re based in “western Asia.” Security firms CrowdStrike and SentinelOne last week pinned the operation on North Korean hackers, who compromised 3C


Learn how to provide your company with maximum security for $79

Tech Republic Security

This bundle’s 26 courses cover ethical hacking, certification exams and much more, including US and EU requirements. The post Learn how to provide your company with maximum security for $79 appeared first on TechRepublic.


IRS-Authorized eFile.com Compromised by Malicious JavaScript File

SecureWorld News

As if tax season is not stressful enough—and the filing deadline of Tuesday, April 18, is fast approaching—security researchers have discovered a malicious JavaScript file has existed for weeks on eFile.com, an IRS-authorized electronic filing software service provider. This security incident specifically concerns eFile.com and not identical sounding domains or IRS e-file infrastructure.


How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


TikTok Abused Kids’ Data — UK Fines it $16 Million

Security Boulevard

$8.50 per child: UK regulator punishes TikTok at 5.5% of revenue. Says app illegally tracked children. The post TikTok Abused Kids’ Data — UK Fines it $16 Million appeared first on Security Boulevard.


HP to patch critical bug in LaserJet printers within 90 days

Bleeping Computer

HP announced in a security bulletin this week that it would take up to 90 days to patch a critical-severity vulnerability that impacts the firmware of certain business-grade printers.

More Trending


Einstein tilings – the amazing “Hat” shape that never repeats!

Naked Security

Imagine tiling a whole football field using a single shape... yet not being able to produce a repeating pattern, even if you wanted to.

Mysterious 'Rorschach' Ransomware Doubles Known Encryption Speeds

Dark Reading

The malware is one of the most sophisticated ransomwares ever seen in the wild, and marks a leap ahead for cybercrime.


Hackers launched a DDoS Attack against CheckPoint and anticipate to target it again

CyberSecurity Insiders

Anonymous Sudan, a group of hackers claiming to be Palestinians, launched a distributed denial of service attack on Israel-based cybersecurity company Check Point. The concerning part of this attack is that the hackers claim to launch a stronger version of a similar attack on April 7th of this year and hope to take down the website completely. After the statement release on Telegram by the hackers, CheckPoint started reassessing its security practices and claims to have the strongest measure

My Cloud Goes Down While Data Storage Giant Announces Network Breach

Heimdal Security

Western Digital announced that they discovered a network breach had affected their systems, starting March 26th. Threat actors managed to obtain unauthorized access to several of the Company’s systems. While law authorities are still investigating, Western Digital claims the intruder already got to exfiltrate a certain amount of data. However, at the moment the data […] The post My Cloud Goes Down While Data Storage Giant Announces Network Breach appeared first on Heimdal Security Blog.


Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


Jobs created using ChatGPT

CyberSecurity Insiders

With the advent of advanced technology, there has been an explosion of innovative solutions that have revolutionized various industries. One such technology that has gained widespread adoption is ChatGPT – an artificial intelligence-powered chatbot that has been created by OpenAI. This chatbot has not only made life easier for people but has also created job opportunities in various industries.


US ‘Strike Force’ Keeps Disruptive Tech From Adversaries

Security Boulevard

The U.S. Department of Justice (DoJ) and the Department of Commerce launched a “Disruptive Technology Strike Force” to investigate and prosecute criminal violations of U.S. export control laws. The aim is to prevent foreign actors from obtaining potentially sensitive technologies, including semiconductors. The strike force will bring together government experts, including the FBI, Homeland Security.


Generative AI Changes Everything You Know About Email Cyber Attacks

CyberSecurity Insiders

In March 2023, Darktrace commissioned a global survey with Censuswide to 6,711 employees across the UK, US, France, Germany, Australia, and the Netherlands to gather third-party insights into human behavior around email, to better understand how employees globally react to potential security threats, their understanding of email security and the modern technologies that are being used as a tool to transform the threats against them.


FBI seizes stolen credentials market Genesis in Operation Cookie Monster

Bleeping Computer

The domains for Genesis Market, one of the most popular marketplaces for stolen credentials of all types, were seized by law enforcement earlier this week as part of Operation Cookie Monster.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


Hackers steal crypto assets by defeating 2FA with rogue browser extension

CSO Magazine

Multiple attacker groups are using a malicious browser extension for Chromium-based browsers such as Google Chrome, Microsoft Edge, Brave, and Opera that's aimed at stealing cryptocurrency assets from multiple websites and online wallets. The extension works by injecting rogue code into websites locally in the browser to defeat two-factor authentication and delete automated alerts from mailboxes.


Designing Tabletop Exercises That Actually Thwart Attacks

Dark Reading

Have you ever wondered how they design blue team exercises? One ransomware and cyber extortion simulation demonstrates the best practices.


Views of a hot cyberwar — the Ukrainian perspective on Russia’s online assault

CSO Magazine

In a recent report issued by the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) titled “Russia’s Cyber Tactics: Lessons Learned in 2022 — SSSCIP analytical report on the year of Russia’s full-scale cyberwar against Ukraine” readers obtained a 10,000-foot overview of what a hot cyberwar entails from the Ukrainian perspective.

ChatGPT Has a Big Privacy Problem

WIRED Threat Level

Italy’s recent ban of Open AI’s generative text tool may just be the beginning of ChatGPT's regulatory woes.


Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.


What the TikTok Ban Could Mean for GRC

Security Boulevard

The White House and TikTok’s critics in Congress have made it clear: They consider TikTok a dangerous social media app and national security threat. Throughout the March 23, 2023, congressional hearing, TikTok CEO Shou Zi Chew defended the company against these charges. Still, lawmakers strongly supported a full ban on the popular short-video app owned.


A Tiny Blog Took on Big Surveillance in China—and Won

WIRED Threat Level

Digging through manuals for security cameras, a group of gearheads found sinister details and ignited a new battle in the US-China tech war.


Spring into action and tidy up your digital life like a pro

We Live Security

Spring is in the air and as the leaves start growing again, why not breathe some new life into the devices you depend on so badly?


AI Chatbot customer care replacing Ministers and their favors

CyberSecurity Insiders

The government of Malta has introduced an innovative service to replace human-interfaced customer care with one powered by AI chatbots. The nation, located on the North African coast, resorted to this move to put an end to the dispensing of favors or jobs by ministers in exchange for materialistic bribes. Generally, when someone calls the Malta government’s customer care, they start interacting with human employees who then connect them to related ministries.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


UK data regulator issues warning over generative AI data protection concerns

CSO Magazine

The UK's Information Commission’s Office reminds organizations that data protection laws still apply to unfiltered data used to train large language models.


Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies

The Hacker News

Cybersecurity researchers have taken the wraps off a previously undocumented ransomware strain called Rorschach that's both sophisticated and fast. "What makes Rorschach stand out from other ransomware strains is its high level of customization and its technically unique features that have not been seen before in ransomware," Check Point Research said in a new report.


UK fines TikTok $15.8 million for GDPR violation of children's privacy

CSO Magazine

Chinese-owned social media sensation TikTok has been fined almost $16 million for violating provisions of the UK’s General Data Protection Regulation.


IRS-authorized eFile.com tax return software caught serving JS malware

Bleeping Computer

eFile.com, an IRS-authorized e-file software service provider used by many for filing their tax returns, has been caught serving JavaScript malware.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Update Android now! Google patches three important vulnerabilities

Malwarebytes

In the April 2023 Android security bulletin, Google announced security updates which include fixes for two critical remote code execution (RCE) vulnerabilities and one vulnerability that has been exploited in the wild. The vulnerabilities are impacting Android systems running versions 11, 12, 12L, and 13. Users should update as soon as they can. What needs to be done: If your Android is on security patch level 2023-04-05 or later, this will address all of these issues.

ALPHV/BlackCat ransomware affiliate targets Veritas Backup solution bugs

Security Affairs

An ALPHV/BlackCat ransomware affiliate was spotted exploiting vulnerabilities in the Veritas Backup solution. An affiliate of the ALPHV/BlackCat ransomware gang, tracked as UNC4466, was observed exploiting three vulnerabilities in the Veritas Backup solution to gain initial access to the target network. Unlike other ALPHV affiliates, UNC4466 doesn’t rely on stolen credentials for initial access to victim environments.


Western Digital confirms breach, affects My Cloud and SanDisk users

Malwarebytes

Western Digital, a big brand in digital storage, says it has suffered a "network security incident"—potentially ransomware—which resulted in a breach and some system disruptions in its business operations. The company identified the incident on March 26 and said an unnamed third party unlawfully accessed several computer systems to steal data.

CISA adds Zimbra bug exploited in attacks against NATO countries to its Known Exploited Vulnerabilities catalog

Security Affairs

US CISA has added a Zimbra flaw, which was exploited in attacks targeting NATO countries, to its Known Exploited Vulnerabilities catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Zimbra flaw, tracked as CVE-2022-27926, to its Known Exploited Vulnerabilities Catalog. The CVE-2022-27926 flaw affects Zimbra Collaboration version 9.0.0, which is used to host publicly-facing webmail portals.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!