Tue.Jun 13, 2023

article thumbnail

E-Commerce Firms Are Top Targets for API, Web Apps Attacks

Data Breach Today

Akamai: Rapid Digitalization, Flawed Code Led to 14 Billion Attacks in Past Year Hackers hit the e-commerce industry with 14 billion attacks in 15 months, pushing it to the top of the list of targets for web application and API exploits. A new Akamai report blames digitalization and the wide range of vulnerabilities hackers can exploit in web applications.

IT 274
article thumbnail

Microsoft Patch Tuesday, June 2023 Edition

Krebs on Security

Microsoft Corp. today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. This month’s relatively light patch load has another added bonus for system administrators everywhere: It appears to be the first Patch Tuesday since March 2022 that isn’t marred by the active exploitation of a zero-day vulnerability in Microsoft’s products.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Rural Healthcare Provider Closing Due in Part to Attack Woes

Data Breach Today

St. Margaret's Health Is Permanently Shutting Hospitals and Clinics A rural Illinois medical system will shut down on Friday partly due to fallout from a 2021 ransomware incident as the toll of a wave of extortionate malware exacts rising costs from the healthcare industry. "These problems have no end in sight," said Mike Hamilton of security firm Critical Insight.

article thumbnail

Analysis: Social Engineering Drives BEC Losses to $50B Globally

Dark Reading

Threat actors have grown increasingly sophisticated in applying social engineering tactics against their victims, which is key to this oft-underrated cybercriminal scam's success.

116
116
article thumbnail

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Speaker: Maher Hanafi, VP of Engineering at Betterworks & Tony Karrer, CTO at Aggregage

Executive leaders and board members are pushing their teams to adopt Generative AI to gain a competitive edge, save money, and otherwise take advantage of the promise of this new era of artificial intelligence. There's no question that it is challenging to figure out where to focus and how to advance when it’s a new field that is evolving everyday. 💡 This new webinar featuring Maher Hanafi, CTO of Betterworks, will explore a practical framework to transform Generative AI prototypes into

article thumbnail

Spotify Fined 5 Million Euros for GDPR Violations

Data Breach Today

Online Music Streamer Will Appeal Decision From Swedish Data Protection Authority Swedish privacy regulators ordered Spotify to pay 5 million euros after finding the music streaming service not forthcoming enough with how it uses consumer data. Spotify in an emailed statement said the investigation revealed that "only minor areas of our process" were at odds with the GDPR.

GDPR 252

More Trending

article thumbnail

Thales to Buy Tesserent for $119.1M to Aid Australian Growth

Data Breach Today

Tesserent's $125.1M Business Will Extend Thales' Services Capabilities in Australia A French conglomerate will buy Australia's largest publicly traded cybersecurity company to expand its cyber service delivery capability in the high-growth Oceania market. The Tesserent deal will help Thales to accelerate its development road map and boost its footprint in Australia and New Zealand.

Marketing 143
article thumbnail

Why Critical Infrastructure Remains a Ransomware Target

Dark Reading

While protecting critical infrastructure seems daunting, here are some critical steps the industry can take now to become more cyber resilient and mitigate risks.

article thumbnail

Gozi Host 'Virus' Sentenced to 3 Years in US Prison

Data Breach Today

Mihai Ionut Paunescu Provided 'Bulletproof Hosting' for Trojans Mihai Ionut Paunescu, who hosted "bulletproof" infrastructure for malware, received a prison sentence of 36 months. His sentencing concludes a 10-year effort by prosecutors against a trio of hackers who created and distributed the Gozi banking Trojan.

143
143
article thumbnail

The benefits of automated attack surface management

IBM Big Data Hub

Can security teams keep up with attack surface risks without automated processes? Survey data indicates that the answer is no. In a 2023 survey of IT and cybersecurity professionals , nearly three-quarters (72%) said attack surface discovery alone takes more than 40 person-hours to complete. That does not include the additional time it takes for security teams to analyze the discovery data, prioritize actions and mitigate risks.

Risk 93
article thumbnail

Navigating the Future: Generative AI, Application Analytics, and Data

Generative AI is upending the way product developers & end-users alike are interacting with data. Despite the potential of AI, many are left with questions about the future of product development: How will AI impact my business and contribute to its success? What can product managers and developers expect in the future with the widespread adoption of AI?

article thumbnail

Windows PGM Accounts for Half of Patch Tuesday’s Critical Flaws

eSecurity Planet

Microsoft’s Patch Tuesday for June 2023 addresses 78 vulnerabilities, a significant increase from last month’s total of 37. While six of the flaws are critical, Microsoft says none are currently being exploited in the wild. The six critical vulnerabilities are as follows: CVE-2023-24897 , a remote code execution vulnerability in.NET,NET Framework, and Visual Studio, with a CVSS score of 7.8 CVE-2023-29357 , an elevation of privilege vulnerability in Microsoft SharePoint Server, with

article thumbnail

St. Margaret’s Health is the first hospital to cite a cyberattack as a reason for its closure

Security Affairs

St. Margaret’s Health in Illinois is partly closing operations at its hospitals due to a 2021 ransomware attack that impacted its payment system. In February 2021a ransomware attack hit the St. Margaret’s Health in Illinois and forced the organization to shutdown of IT infrastructure at the Spring Valley hospital to contain the threat. The cyber attack did not impact the Peru branch because it relies on a separate infrastructure The payment system was taken offline for months, which caused delay

IT 91
article thumbnail

UFO Whistleblower, Meet a Conspiracy-Loving Congress

WIRED Threat Level

Fresh claims from a former US intelligence officer about an “intact” alien craft may get traction on Capitol Hill, where some lawmakers want to believe.

article thumbnail

Identifying the Idaho Killer

Schneier on Security

The New York Times has a long article on the investigative techniques used to identify the person who stabbed and killed four University of Idaho students. Pay attention to the techniques: The case has shown the degree to which law enforcement investigators have come to rely on the digital footprints that ordinary Americans leave in nearly every facet of their lives.

Sales 86
article thumbnail

Get Better Network Graphs & Save Analysts Time

Many organizations today are unlocking the power of their data by using graph databases to feed downstream analytics, enahance visualizations, and more. Yet, when different graph nodes represent the same entity, graphs get messy. Watch this essential video with Senzing CEO Jeff Jonas on how adding entity resolution to a graph database condenses network graphs to improve analytics and save your analysts time.

article thumbnail

How Security Leaders Should Approach Cybersecurity Startups

Dark Reading

Vendors and buyers both have the power to make the industry a better place. What's needed is more collaboration, mutual support, and respect.

article thumbnail

A database containing data of +8.9 million Zacks users was leaked online

Security Affairs

A database containing the personal information of more than 8.9 million Zacks Investment Research users was leaked on a cybercrime forum. A database containing personal information of 8,929,503 Zacks Investment Research users emerged on a popular hacking forum on June 10, 2023. Zacks is the leading investment research firm focusing on stock research, analysis, and recommendations.

article thumbnail

Popular Apparel, Clothing Brands Being Used in Massive Phishing Scam

Dark Reading

Threat actors have created over 3,000 domains, some as old as two years, to lure in customers to false, name brand websites for personal financial gain.

article thumbnail

Microsoft Patch Tuesday for June 2023 fixes 6 critical flaws

Security Affairs

Microsoft Patch Tuesday security updates for June 2023 fixed 69 flaws in its products, including six critical issues. Microsoft Patch Tuesday security updates for June 2023 fixed 69 vulnerabilities in multiple products, including Microsoft Windows and Windows Components; Office and Office Components; Exchange Server; Microsoft Edge (Chromium-based); SharePoint Server; NET and Visual Studio; Microsoft Teams; Azure DevOps; Microsoft Dynamics; and the Remote Desktop Client.

article thumbnail

How Embedded Analytics Gets You to Market Faster with a SAAS Offering

Start-ups & SMBs launching products quickly must bundle dashboards, reports, & self-service analytics into apps. Customers expect rapid value from your product (time-to-value), data security, and access to advanced capabilities. Traditional Business Intelligence (BI) tools can provide valuable data analysis capabilities, but they have a barrier to entry that can stop small and midsize businesses from capitalizing on them.

article thumbnail

App installers just leveled up.

Jamf

App installers, already an indispensable tool for Apple admins to automate and streamline deployment and updates of third-party apps, has added new functionality Jamf Nation has been clamoring for: deployment via Self Service and end-user notification customization.

83
article thumbnail

Fortinet urges to patch the critical RCE flaw CVE-2023-27997 in Fortigate firewalls

Security Affairs

Fortinet addressed a new critical flaw, tracked as CVE-2023-27997, in FortiOS and FortiProxy that is likely exploited in a limited number of attacks. Fortinet has finally published an official advisory about the critical vulnerability, tracked as CVE-2023-27997 (CVSS score: 9.2), impacting FortiOS and FortiProxy. “A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiProxy SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafte

article thumbnail

Webinar: Southern California Inland Empire ARMA Chapter presents “Planning your IG Compliance Roadmap” on June 12, 2023 at Noon Pacific

IG Guru

Please join us for our next Chapter Meeting (via Webinar) on Wednesday, June 21, 2023 from 12:00 – 1:00 Pacific Standard Time. Planning your IG Compliance Roadmap Achieving IG compliance is a journey that can’t be completed without a roadmap.

article thumbnail

State-Based Cyber Attacks Continue to Be a Thorn in the Cyber Insurer's Side

KnowBe4

As government-sponsored and widespread vulnerability attacks continue to result in larger damages, cyber insurers are looking for opportunities to still meet demand without incurring risk.

article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

LLM meets Malware: Starting the Era of Autonomous Threat

Security Affairs

Malware researchers analyzed the application of Large Language Models (LLM) to malware automation investigating future abuse in autonomous threats. Executive Summary In this report we shared some insight that emerged during our exploratory research, and proof of concept, on the application of Large Language Models to malware automation, investigating how a potential new kind of autonomous threats would look like in the near future.

article thumbnail

CyberheistNews Vol 13 #24 [The Mind's Bias] Pretexting Now Tops Phishing in Social Engineering Attacks

KnowBe4

CyberheistNews Vol 13 #24 | June 13th, 2023 [The Mind's Bias] Pretexting Now Tops Phishing in Social Engineering Attacks The New Verizon DBIR is a treasure trove of data. As we will cover a bit below, Verizon reported that 74% of data breaches Involve the "Human Element," so people are one of the most common factors contributing to successful data breaches.

article thumbnail

Harness the Power of PKI to Battle Data Breaches

Dark Reading

The average cost of a data breach is $4.35 million. Understand the power of public key infrastructure (PKI) and its role in encrypting data and battling breaches.

article thumbnail

A Master Class on Cybersecurity: Roger Grimes Teaches Password Best Practices

KnowBe4

What really makes a “strong” password? And why are you and your end-users continually tortured by them? How do hackers crack your passwords with ease? And what can/should you do to improve your organization’s authentication methods?

article thumbnail

Embedding BI: Architectural Considerations and Technical Requirements

While data platforms, artificial intelligence (AI), machine learning (ML), and programming platforms have evolved to leverage big data and streaming data, the front-end user experience has not kept up. Holding onto old BI technology while everything else moves forward is holding back organizations. Traditional Business Intelligence (BI) aren’t built for modern data platforms and don’t work on modern architectures.

article thumbnail

UK communications regulator Ofcom hacked with a MOVEit file transfer zero-day

Security Affairs

UK communications regulator Ofcom suffered a data breach after a Clop ransomware attack exploiting the MOVEit file transfer zero-day. UK’s communications regulator Ofcom disclosed a data breach after a Clop ransomware attack. The threat actors exploited the zero-day flaw ( CVE-2023-34362 ,) in MOVEit file transfer and access the infrastructure of the regulator.

article thumbnail

FDIC, FRB and OCC Issue Interagency Guidance on Third-Party Relationships

Hunton Privacy

On June 6, 2023, the Federal Deposit Insurance Corporation (“FDIC”), the Board of Governors of the Federal Reserve System (“FRB”) and the Office of the Comptroller of the Currency (“OCC”) issued their final Interagency Guidance on Third-Party Relationships (“Guidance”). The Guidance provides principles that banking organizations should consider when developing and implementing risk management practices for all stages in the life cycle of third-party relationships.

Risk 64
article thumbnail

85% of Organizations Have Experienced At Least One Ransomware Attack in the Last Year

KnowBe4

Ransomware attacks are as pervasive as ever, with new data demonstrating just how impactful the attacks really are.