Krebs on Security

MARCH 17, 2023

The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums , a popular English-language cybercrime forum where some of the world biggest hacked databases routinely show up for sale. The forum’s administrator “ Pompompurin ” has been a thorn in the side of the FBI for years, and BreachForums is widely considered a reincarnation of RaidForums , a remarkably similar crime forum that the FBI infiltrated and dismantled in 20

Data breaches 294

Data breaches Cybercrime Insurance Internet 294

Tech Republic Security

MARCH 17, 2023

Some 12% of employees take customer details, health records, sales contracts and other confidential data when leaving a company, according to DTEX. The post How to prevent data theft by existing and departing employees appeared first on TechRepublic.

Risk 163

Risk Cybersecurity 163

Bleeping Computer

MARCH 17, 2023

The NBA (National Basketball Association) is notifying fans of a data breach after some of their personal information, "held" by a third-party newsletter service, was stolen. [.

Data breaches 140

Data breaches 140

CyberSecurity Insiders

MARCH 17, 2023

After Rubrik, Hitachi Energy issued a public statement that some of its customer accounts might have been compromised, after a ransomware attack took place on a third-party software called Fortra GoAnywhere MFT. Clop ransomware gang is the company that managed to infiltrate the servers and siphon data and a portion of employee data might have been compromised.

Software 136

Software Ransomware Data breaches Financial Services 136

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Graham Cluley

MARCH 17, 2023

Well, this isn’t good. Google has issued a warning that some Android phones can be hacked remotely, without the intended victim having to click on anything.

Hacking 145

Hacking 145

Bleeping Computer

MARCH 17, 2023

Microsoft is working on a non-custodial built-in Ethereum crypto wallet for Microsoft Edge to allow users to send and receive cryptocurrency and NFTs. [.

Cryptocurrency 142

Cryptocurrency 142

Bleeping Computer

MARCH 17, 2023

U.S. law enforcement arrested on Wednesday a New York man believed to be Pompompurin, the owner of the BreachForums hacking forum. [.

Cybercrime 144

Cybercrime Hacking 144

Security Boulevard

MARCH 17, 2023

A common misconception of small business owners is that they can fly under the radar when it comes to ransomware, social engineering, and other cyberattacks. But it turns out that the opposite is true. The post The Small Business Fallacy – Why You Need Cybersecurity and Insurance More Than Ever appeared first on Security Boulevard.

Small Business 122

Small Business Insurance Social Engineering Cybersecurity 122

We Live Security

MARCH 17, 2023

How cybercriminals can exploit Silicon Valley Bank's downfall for their own ends – and at your expense The post SVB’s collapse is a scammer’s dream: Don’t get caught out appeared first on WeLiveSecurity

Banking 118

Banking Scams 118

Bleeping Computer

MARCH 17, 2023

Hitachi Energy confirmed it suffered a data breach after the Clop ransomware gang stole data using a zero-day GoAnyway zero-day vulnerability. [.

Data breaches 132

Data breaches Ransomware 132

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

CSO Magazine

MARCH 17, 2023

Microsoft released its monthly security bulletin this week, covering patches for over 80 vulnerabilities across its products. However, two of them had already been used by attackers before patches were released. One vulnerability affects all supported versions of Outlook for Windows and allows attackers to steal Net-NTLMv2 hashes and then use them in NTLM (New Technology LAN Manager) relay attacks against other systems.

Technology 114

Technology Internet Internet 114

Bleeping Computer

MARCH 17, 2023

Ukraine's cyberpolice has arrested the developer of a remote access trojan (RAT) malware that infected over 10,000 computers while posing as game applications. [.

Malware 122

Malware 122

Security Boulevard

MARCH 17, 2023

Unlock the power of Cybersecurity Mesh Architecture (CSMA) to enhance SaaS security. Discover how it can improve compliance and protect your organization. The post Using a Cybersecurity Mesh Architecture (CSMA) for SaaS Secu appeared first on Security Boulevard.

Architecture 115

Architecture Cybersecurity 115

The Hacker News

MARCH 17, 2023

U.S. law enforcement authorities have arrested a New York man in connection with running the infamous BreachForums hacking forum under the online alias "Pompompurin." The development, first reported by Bloomberg Law, comes after News 12 Westchester, earlier this week, said that federal investigators "spent hours inside and outside of a home in Peekskill.

Hacking 104

Hacking 104

Advertisement

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Security Boulevard

MARCH 17, 2023

If a new survey from API and application protection vendor ThreatX is accurate, a majority of U.S. consumers are less likely to work with a company following a data breach. At least, they claim that they are. The ThreatX survey highlighted consumers’ evolving attitudes toward data breach concerns and their purported willingness to pay more. The post Will Consumers Punish Vendors That Suffer a Data Breach?

Data breaches 111

Data breaches Data privacy Risk Government 111

Graham Cluley

MARCH 17, 2023

Security researchers have released a new decryption tool which should come to the rescue of some victims of a modified version of the Conti ransomware, helping them to recover their encrypted data for free. Read more in my article on the Tripwire State of Security blog.

Ransomware 104

Ransomware Encryption Malware 104

Digital Guardian

MARCH 17, 2023

Hackers are taking advantage of SVB’s failure, scammers are leveraging psychological manipulation to empty victims’ crypto wallets, and TikTok may be in jeopardy in the U.S. Catch up on these stories and more in this week’s Friday Five!

Banking 98

Banking Scams 98

Security Boulevard

MARCH 17, 2023

Today, an organization’s brand and reputation are intrinsically tied to its data security and privacy protections. Years ago, we couldn’t foresee the potential impact of digital technology innovations on brand stability. Network connectivity and digital transformation are a double-edged sword that holds the key to brand promotion and protection while also exposing companies to great.

Internet 98

Internet Internet Digital transformation Technology 98

Advertisement

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

Healthcare

The Hacker News

MARCH 17, 2023

A new Golang-based botnet dubbed HinataBot has been observed to leverage known flaws to compromise routers and servers and use them to stage distributed denial-of-service (DDoS) attacks.

DDOS 97

DDOS Malware 97

Dark Reading

MARCH 17, 2023

The chances of getting hacked are no longer low. Companies need to rethink their data collection and monitoring strategies to protect employee privacy and corporate integrity.

Data collection 97

Data collection Hacking 97

The Hacker News

MARCH 17, 2023

An Android voice phishing (aka vishing) malware campaign known as FakeCalls has reared its head once again to target South Korean users under the guise of over 20 popular financial apps. "FakeCalls malware possesses the functionality of a Swiss army knife, able not only to conduct its primary aim but also to extract private data from the victim's device," cybersecurity firm Check Point said.

Malware 97

Malware Phishing Cybersecurity 97

Security Affairs

MARCH 17, 2023

A new Golang-based DDoS botnet, tracked as HinataBot, targets routers and servers by exploiting known vulnerabilities. Akamai researchers spotted a new DDoS Golang-based botnet, dubbed HinataBot, which has been observed exploiting known flaws to compromise routers and servers. The experts reported that the HinataBot bot was seen being distributed since the beginning of 2023 and its operators are actively updating it.

DDOS 97

DDOS Passwords Engineering Hacking 97

Advertisement

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.

Identity Theft

The Hacker News

MARCH 17, 2023

U.S. government agencies have released a joint cybersecurity advisory detailing the indicators of compromise (IoCs) and tactics, techniques, and procedures (TTPs) associated with the notorious LockBit 3.0 ransomware. "The LockBit 3.0 ransomware operations function as a Ransomware-as-a-Service (RaaS) model and is a continuation of previous versions of the ransomware, LockBit 2.

Ransomware 95

Ransomware Government Cybersecurity 95

Security Affairs

MARCH 17, 2023

Hitachi Energy disclosed a data breach, the Clop ransomware gang stole the company data by exploiting the recent GoAnywhere zero-day flaw. Hitachi Energy disclosed a data breach, the company was hacked by the Clop ransomware gang that stole its data by exploiting the recently disclosed zero-day vulnerability in the GoAnywhere MFT (Managed File Transfer).

Data breaches 96

Data breaches Ransomware Banking Data privacy 96

The Hacker News

MARCH 17, 2023

Copycat websites for instant messaging apps like Telegram and WhatApp are being used to distribute trojanized versions and infect Android and Windows users with cryptocurrency clipper malware. "All of them are after victims' cryptocurrency funds, with several targeting cryptocurrency wallets," ESET researchers Lukáš Štefanko and Peter Strýček said in a new analysis.

Cryptocurrency 92

Cryptocurrency Malware 92

Naked Security

MARCH 17, 2023

Despite its usually inflexible 0-day disclosure policy, Google is keeping four mobile modem bugs semi-secret due to likely ease of exploitation.

Mobile 108

Mobile 108

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?

Cybersecurity

The Hacker News

MARCH 17, 2023

In the modern corporate IT environment, which relies on cloud connectivity, global connections and large volumes of data, the browser is now the most important work interface. The browser connects employees to managed resources, devices to the web, and the on-prem environment to the cloud one.

91

91

Dark Reading

MARCH 17, 2023

A more holistic model beyond MITRE et al is needed to help defenders better identify and understand commonalities in different online threat campaigns, the Facebook parent company says.

87

87

Security Affairs

MARCH 17, 2023

An alleged Chinese threat actor group is behind attacks on government organizations exploiting a Fortinet zero-day flaw (CVE-2022-41328). A suspected China-linked group is exploiting a Fortinet zero-day vulnerability, tracked as CVE-2022-41328 , in attacks aimed at government organizations. A few days ago, Fortinet researchers warned of an advanced threat actor that is targeting governmental or government-related entities.

Firewall 89

Firewall Manufacturing Government Firmware 89

Dark Reading

MARCH 17, 2023

Snowballing PoC exploits for CVE-2023-23397 and a massive attack surface means almost business user could be a victim.

108

108

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security," most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any other number of other things - and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.