BankInfoSecurity.com
China Using Powerful Hacking Firms to Run Its Espionage War
3 months ago
5 Cybersecurity Firms Provide Large Pool of Government-Funded Espionage Resources
China's cyberespionage campaigns, viewed as an extension of the communist regime's wider geopolitical moves, rely on civilian hackers from domestic security firms for much of their success. Researchers say these groups face off in intense rivalries for lucrative government contracts.
China's cyberespionage campaigns, viewed as an extension of the communist regime's wider geopolitical moves, rely on civilian hackers from domestic security firms for much of their success. Researchers say these groups face off in intense rivalries for lucrative government contracts.
Breach-Weary Snowflake Moves to MFA, 14-Character Passwords
3 months ago
New Security Measures Follow High-Profile Hacks of Snowflake Customers
Data warehousing platform Snowflake rolled out default MFA - as well as a 14-character password minimum - to shore up security in the wake of a series of cyberattacks in June that hit high-profile customers including Santander Bank, Advance Auto Parts, LA Unified School District and Neiman Marcus.
Data warehousing platform Snowflake rolled out default MFA - as well as a 14-character password minimum - to shore up security in the wake of a series of cyberattacks in June that hit high-profile customers including Santander Bank, Advance Auto Parts, LA Unified School District and Neiman Marcus.
US Indicts Chinese National for Phishing for NASA Tech
3 months ago
At-Large Wu Song, 39, Faces 28-Count Criminal Indictment
U.S. federal prosecutors indicted a Chinese national employed by a state-owned aerospace and defense conglomerate with a yearslong phishing campaign aimed at extracting software developed for NASA. Prosecutors said Song began sending out targeted emails in 2017.
U.S. federal prosecutors indicted a Chinese national employed by a state-owned aerospace and defense conglomerate with a yearslong phishing campaign aimed at extracting software developed for NASA. Prosecutors said Song began sending out targeted emails in 2017.
CloudImposer RCE Vulnerability Targets Google Cloud Platform
3 months ago
Attackers Could Exploit Flaw to Run Malicious Code on Google' s, Customers' Servers
Google patched a critical remote execution vulnerability in its cloud platform Cloud Composer service, "CloudImposer," which could have allowed attackers to compromise millions of servers, say researchers from Tenable. The CloudImposer vulnerability could lead to the Jenga Tower effect.
Google patched a critical remote execution vulnerability in its cloud platform Cloud Composer service, "CloudImposer," which could have allowed attackers to compromise millions of servers, say researchers from Tenable. The CloudImposer vulnerability could lead to the Jenga Tower effect.
Transforming Banking with Cloud, Low-Code, and Strategic Partnerships: Insights from AWS, Appian, and Xebia
3 months ago
Eliminating the Need for Stored Credentials in Healthcare
3 months 1 week ago
Authentication requiring stored credentials is not only vulnerable to phishing and other compromises, but using these credentials can also be cumbersome for busy clinicians, said Tina Srivastava, co-founder of Badge, a provider of deviceless, tokenless authentication technology.
Mobile Apps are the New Endpoint
3 months 1 week ago
Live Webinar | All the Ways the Internet is Surveilling You
3 months 1 week ago
Irish Data Protection Commission Probes Google's AI Model
3 months 1 week ago
Inquiry Launched to Determine the Company's Compliance With GDPR
The Irish data regulator launched an investigation to determine Google's compliance with a European privacy law when it was developing its PaLM 2 artificial intelligence model. Google launched the multilingual generative AI model last year.
The Irish data regulator launched an investigation to determine Google's compliance with a European privacy law when it was developing its PaLM 2 artificial intelligence model. Google launched the multilingual generative AI model last year.
Remote Access Tool Sprawl Increases OT Risks
3 months 1 week ago
Over-Deployment of Tools Raises Security and Operational Concerns
Excessive deployment of remote access tools in operational technology environments expands attack surfaces and creates operational challenges, warn security researchers from Claroty. Remote access tools are essential, but they introduce numerous potential vulnerabilities that threat actors exploit.
Excessive deployment of remote access tools in operational technology environments expands attack surfaces and creates operational challenges, warn security researchers from Claroty. Remote access tools are essential, but they introduce numerous potential vulnerabilities that threat actors exploit.
US Sanctions Russian Media for Secretly Funding Ukraine War
3 months 1 week ago
Biden Administration Hits Russian Media With More Sanctions for Covert Operations
The U.S. Department of State announced additional sanctions Friday against the Kremlin news outlet RT after officials received new information from employees of the organization that revealed how it has become a key component in the Russian military machine.
The U.S. Department of State announced additional sanctions Friday against the Kremlin news outlet RT after officials received new information from employees of the organization that revealed how it has become a key component in the Russian military machine.
Strider Secures $55M to Fuel AI Growth and Global Expansion
3 months 1 week ago
Series C Funds to Fuel AI Research, Government Sector Investment and Global Growth
Strider Technologies has raised $55 million in a Series C funding round to strengthen its AI capabilities and fuel global expansion efforts. The money will enhance the company’s AI-driven insights, support business with government agencies, and fuel international expansion in Europe and Asia.
Strider Technologies has raised $55 million in a Series C funding round to strengthen its AI capabilities and fuel global expansion efforts. The money will enhance the company’s AI-driven insights, support business with government agencies, and fuel international expansion in Europe and Asia.
Protect Your Amazon S3 Data: Why Versioning, Replication, and AWS Backup are Not Enough
3 months 1 week ago
Breach Roundup: Mexico in Hacker Spotlight
3 months 1 week ago
Also: Critical WHOIS Vulnerability Exposes Internet Security Flaw in .mobi Domains
This week, cyberthreats rising in Mexico; FBI warned of BEC scams; U.K. police arrested hacking suspect; Avis, Slim CD, Medicare and Fortinet disclosed breaches; Highline public schools reopened after cyberattack; a critical flaw was found in WHOIS; and Konni upped attacks on Russia, South Korea.
This week, cyberthreats rising in Mexico; FBI warned of BEC scams; U.K. police arrested hacking suspect; Avis, Slim CD, Medicare and Fortinet disclosed breaches; Highline public schools reopened after cyberattack; a critical flaw was found in WHOIS; and Konni upped attacks on Russia, South Korea.
UK Labels Data Centers as Critical National Infrastructure
3 months 1 week ago
British Government Says Data Centers Are 'Essential for Functioning of Society'
The U.K. government on Thursday designated data centers as part of its critical national infrastructure in a move intended to prevent the loss of sensitive user data during disruptive cyberattacks. A newly announced data center security team will monitor and anticipate potential cyberthreats.
The U.K. government on Thursday designated data centers as part of its critical national infrastructure in a move intended to prevent the loss of sensitive user data during disruptive cyberattacks. A newly announced data center security team will monitor and anticipate potential cyberthreats.
GPS Modernization Stalls as Pentagon Faces Chip Shortages
3 months 1 week ago
New Report Warns of Continued Delays and Deficiencies in Federal GPS Modernization
The Space Force is suffering from years of delays, setbacks and shortcomings in its Global Positioning System modernization program, according to a Government Accountability Office report, which found major deficiencies and testing issues that could hinder the United States competitiveness in space.
The Space Force is suffering from years of delays, setbacks and shortcomings in its Global Positioning System modernization program, according to a Government Accountability Office report, which found major deficiencies and testing issues that could hinder the United States competitiveness in space.
Kernel Mode Under the Microscope at Windows Security Summit
3 months 1 week ago
Company Focused on Safe Deployment Practices, Reducing Kernel Mode Dependencies
Cutting kernel mode dependencies and adopting safe deployment practices will make endpoint systems more resilient and secure for Windows customers. Tuesday's meeting came two months after a faulty CrowdStrike update disrupted 8.5 million Windows machines and caused $5.4 billion in direct losses.
Cutting kernel mode dependencies and adopting safe deployment practices will make endpoint systems more resilient and secure for Windows customers. Tuesday's meeting came two months after a faulty CrowdStrike update disrupted 8.5 million Windows machines and caused $5.4 billion in direct losses.
Why Hellman & Friedman Wants to Unload Checkmarx for $2.5B
3 months 1 week ago
More Competition, Ownership Turnover Among Peers Create an Appealing Time to Sell
Hellman & Friedman has met with several investments banks in recent weeks and will choose one to run the sale process for Paramus, New Jersey-based Checkmarx, in which it hopes to get at least $2.5 billion, Calcalist reported. The private equity firm bought Checkmarx for $1.15 billion in April 2020.
Hellman & Friedman has met with several investments banks in recent weeks and will choose one to run the sale process for Paramus, New Jersey-based Checkmarx, in which it hopes to get at least $2.5 billion, Calcalist reported. The private equity firm bought Checkmarx for $1.15 billion in April 2020.
Mental Health Records Database Found Exposed on Web
3 months 1 week ago
Cyber Researcher Reported Findings to Virtual Care Provider; Data Now Secured
An AI-powered virtual care provider's unsecured database allegedly exposed thousands of sensitive mental health and substance abuse treatment records between patients and their counselors on the internet - where they were available to anyone, said the security researcher who discovered the trove.
An AI-powered virtual care provider's unsecured database allegedly exposed thousands of sensitive mental health and substance abuse treatment records between patients and their counselors on the internet - where they were available to anyone, said the security researcher who discovered the trove.
Checked
5 hours ago
BankInfoSecurity.com RSS News Feeds on bank information security news, regulations, blogs and education
BankInfoSecurity.com feed