Thu.Jun 06, 2024

article thumbnail

Cryptohack Roundup: Robinhood to Acquire Bitstamp

Data Breach Today

Also: FBI Warns About Work-From-Home Scammers Demanding Crypto This week, Robinhood said it will acquire Bitstamp in a $200 million deal, a senior promoter of the Forcount crypto Ponzi scheme pleaded guilty, crypto scammers targeted work-from-home job seekers, and Tether and CoinGecko warned of crypto phishing attacks.

Phishing 283
article thumbnail

Microsoft's Recall Feature Is Even More Hackable Than You Thought

WIRED Threat Level

A new discovery that the AI-enabled feature's historical data can be accessed even by hackers without administrator privileges only contributes to the growing sense that the feature is a “dumpster fire.

Access 145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft Says Azure Cloud Attack Scenario Isn't a Flaw

Data Breach Today

Redmond Calls Tenable Report Evidence of Customers Misconstruing Azure Service Tags Microsoft is calling security research asserting a high-severity vulnerability exists in Microsoft Azure evidence that customers should better configure their cloud environments. An attacker with an Azure instance could obtain access to company resources by sending customizable HTTP requests.

Cloud 281
article thumbnail

The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever

WIRED Threat Level

The number of alleged hacks targeting the customers of cloud storage firm Snowflake appears to be snowballing into one of the biggest data breaches of all time.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Breach Roundup: Microsoft Deprecates NTLM Authentication

Data Breach Today

Also: Hacker Sells Data Obtained Through Snowflake Attack This week, Microsoft deprecated NTLM authentication, a hacker put apparently stolen Snowflake data up for sale, Ticketmaster confirmed its breach, Cisco patched Webex vulnerabilities, pro-Russian hacktivists claimed a DDoS attack in Spain and Kaspersky launched a free virus removal tool for Linux.

More Trending

article thumbnail

US Regulators Intensify Antitrust Scrutiny of AI Developers

Data Breach Today

DOJ and FTC to Launch Antitrust Investigations Into Microsoft, OpenAI and Nvidia The Justice Department and the Federal Trade Commission reportedly reached an agreement Thursday that will allow U.S. regulators to move forward with long-anticipated antitrust investigations into the leading developers of commercial artificial intelligence products.

article thumbnail

The Lords of Silicon Valley Are Thrilled to Present a ‘Handheld Iron Dome’

WIRED Threat Level

ZeroMark wants to build a system that will let soldiers easily shoot a drone out of the sky with the weapons they’re already carrying—and venture capital firm a16z is betting the startup can pull it off.

IT 140
article thumbnail

Meta's AI Model Training Comes Under European Scrutiny

Data Breach Today

Austrian Privacy Group Lodges Complaints With 11 European Regulators Against Meta Meta's plan to train artificial intelligence with data generated by Facebook and Instagram users faces friction in Europe after a rights group alleged it violates continental privacy law. Austrian privacy organization NOYB said it lodged complaints against Meta with 11 European data regulators.

article thumbnail

A new Linux version of TargetCompany ransomware targets VMware ESXi environments

Security Affairs

A new Linux variant of the TargetCompany ransomware family targets VMware ESXi environments using a custom shell script. A new variant of the TargetCompany ransomware group uses a custom shell script as a means of payload delivery and execution, this is the first time the technique was observed in the wild. The script was also used for data exfiltration, the stolen data are sent to two different servers so the ransomware actors have a backup of the information.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Wiz Counters Orca Security's Patent Infringement Allegations

Data Breach Today

Wiz Hits Back With Counterclaims, Says Orca Copied Patented Cloud Security Features In a clash of cloud security titans, Wiz denied all claims made by rival Orca Security of patent infringement and unauthorized use of proprietary information. Instead, Wiz said Orca copied its technological advancements and used confidential information to enhance its own products.

Security 162
article thumbnail

RansomHub operation is a rebranded version of the Knight RaaS

Security Affairs

Researchers believe the RansomHub ransomware-as-a-service is a rebranded version of the Knight ransomware operation. Cybersecurity experts who analyzed the recently emerged ransomware operation RansomHub speculate that is is a rebranded version of Knight ransomware. Knight, also known as Cyclops 2.0, appeared in the threat landscape in May 2023. The malware targets multiple platforms, including Windows, Linux, macOS, ESXi, and Android.

article thumbnail

Renewed Info Stealer Campaign Targets Ukrainian Military

Data Breach Today

CERT-UA Says Threat Actor 'Vermin' Used Syncthing Application Ukrainian cyber defenders say Russian intelligence hackers operating from the occupied Donbas city of Luhansk targeted military email inboxes with an info stealer. A group tracked as UAC-0020 - also known as "Vermin" - deployed a malware strain dubbed "Spectr" as part of a spear-phishing campaign.

Military 162
article thumbnail

26% of Global Organizations Lack Security Training Programs

KnowBe4

More than a quarter (26%) of organizations around the world provide no security awareness training for their employees, according to a survey by Hornetsecurity. The researchers found that smaller companies in particular tend to lack security training programs.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Espionage with a Drone

Schneier on Security

The US is using a World War II law that bans aircraft photography of military installations to charge someone with doing the same thing with a drone.

Military 116
article thumbnail

“Operation Endgame” Ends with the Arrest of 4 Cybercriminal Suspects and 100 Servers

KnowBe4

Coordinated efforts between law enforcement agencies across nine countries has resulted in a major disruption of a threat group’s malware and ransomware operations.

article thumbnail

SHARED INTEL Q&A: Forrester report shows Identity and Access Management (IAM) in flux

The Last Watchdog

Identity and Access Management (IAM) is at a crossroads. Related: Can IAM be a growth engine? A new Forrester Trends Report dissects ten IAM trends now in play, notably how AI is influencing IAM technologies to meet evolving identity threats. IAM is a concept that arose in the 1970s when usernames and passwords first got set up to control access mainframe computers.

Access 113
article thumbnail

Social Engineering Scams Can Come in the Mail, Too

KnowBe4

Social engineering scams can come through any communications channel (e.g., email, web, social media, SMS, phone call, etc.). They can even come in the mail as the Nextdoor warning below shares.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Weekly Update 403

Troy Hunt

I just watched back a little segment from this week's video and somehow landed at exactly the point where I said "I am starting to lose my patience with repeating the same thing over and over again" (about 46 mins if you want to skip to it), which is precisely how I wanted to start this post. In running HIBP for the last 10 and a bit years, there have been so many breaches where people have asked for the data within them beyond just the email address to be made available.

Risk 96
article thumbnail

One Step Closer: AI Act Approved by Council of the EU

Data Matters

On 21 May 2024, the Council of the European Union approved the EU Artificial Intelligence Act (the “ AI Act ”). This is the final stage in the legislative process and comes after the EU Parliament voted to adopt the legislation on 13 March 2024. This final vote clears the path for the formal signing of the legislation and its publication in the Official Journal of the EU in the coming weeks.

article thumbnail

How You Can Prevent Breaches like Snowflake in the Future

Thales Cloud Protection & Licensing

How You Can Prevent Breaches like Snowflake in the Future andrew.gertz@t… Thu, 06/06/2024 - 14:36 Recently, major data breaches at accounts with Snowflake highlight how something as easy to implement as Multi-Factor Authentication could have helped prevent unauthorized access to millions of data records. There were signs that something was afoot with Snowflake accounts as the Australian Signal Directorate issued an alert about increased cyber threat activity targeting Snowflake customers.

article thumbnail

Honorary Fellowships 2024 - Nominations Open

CILIP

Honorary Fellowships 2024 - Nominations Open Honorary Fellowship has been awarded by CILIP and its predecessor the Library Association since 1896. It is the highest recognition given to a person who has made an outstanding contribution to the library and information world. Members are invited to put forward nominations by the close of play 30th July following the criteria and using the nominations form listed on the Honorary Fellowship page Nominating someone for honorary fellowship is a way for

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

From Artificial Intelligence to Change Management: Key Takeaways from the 2024 Future Lawyer Conference in Boston

eDiscovery Daily

By Rick Clark The Future Lawyer 2024 Conference was held in Boston, MA, and hosted by Ropes & Gray LLP in their Prudential Tower offices. This two-day event hosted private practicing attorneys the first day and corporate in-house personnel the second day. The law firm day topics hovered mostly on how Generative and Predictive AI are gaining more steam in the legal industry, with the corporate agenda track more focused on change management.

article thumbnail

Apple device and app compliance in aviation

Jamf

Learn about Apple device and app compliance in aviation, focusing on security compliance management, challenges and solutions with Jamf Pro

article thumbnail

Google to start permanently deleting users’ location history

The Guardian Data Protection

Tech firm earlier committed to storing less data about individuals in response to privacy concerns Google will delete everything it knows about users’ previously visited locations, the company has said, a year after it committed to reducing the amount of personal data it stores about users. The company’s “timeline” feature – previously known as Location History – will still work for those who choose to use it, letting them scroll back through potentially decades of travel history to check where

article thumbnail

How to Lead an Army of Digital Sleuths in the Age of AI

WIRED Threat Level

Eliot Higgins and his 28,000 forensic foot soldiers at Bellingcat have kept a miraculous nose for truth—and a sharp sense of its limits—in Gaza, Ukraine, and everywhere else atrocities hide online.

IT 145
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.