Mon.Mar 25, 2024

article thumbnail

US Indicts Accused APT31 Chinese Hackers for Hire

Data Breach Today

Prosecutors Say China Set Up a Wuhan Front Company for Geopolitical Hacks U.S. federal prosecutors indicted seven Chinese nationals they accuse of hacking for a Beijing economic and intelligence espionage group whose operations reacted to geopolitical trends. The suspects allegedly were contractors for a front company set up by an arm of the Ministry of State Security.

Security 304
article thumbnail

GUEST ESSAY: NIST’s Cybersecurity Framework update extends best practices to supply chain, AI

The Last Watchdog

The National Institute of Standards and Technology (NIST) has updated their widely used Cybersecurity Framework (CSF) — a free respected landmark guidance document for reducing cybersecurity risk. Related: More background on CSF However, it’s important to note that most of the framework core has remained the same. Here are the core components the security community knows: Govern (GV): Sets forth the strategic path and guidelines for managing cybersecurity risks, ensuring harmony with business go

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Data Protection Fines: UK Privacy Watchdog Updates Guidance

Data Breach Today

Regulator Emphasizes Upside of Transparency, Downside of Intentional Infringement After suffering a data breach, organizations that work closely with regulators and cybersecurity officials will be treated with greater leniency if their case results in penalties and a fine, says new guidance on data protection fines published by the U.K. Information Commissioner's Office.

Privacy 298
article thumbnail

Chinese Hackers Charged in Decade-Long Global Spying Rampage

WIRED Threat Level

US and UK officials hit Chinese hacking group APT31 with sanctions and criminal charges after they targeted thousands of businesses, politicians, and critics of China.

Security 142
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Hospitals Lobby Feds to Clarify Breach Duties in UHG Attack

Data Breach Today

AHA Wants Change Healthcare on Hook for Notification in Potential Breach As thousands of hospitals, clinics and doctor practices potentially have to notify millions of patients about the Change Healthcare breach, the American Hospital Association said the IT services firm and parent company, UnitedHealth Group, should be the sole sender of notifications.

IT 297

More Trending

article thumbnail

European Commission to Investigate Meta Subscription Model

Data Breach Today

'Pay or Consent' May Violate the Digital Services Act, Say EU Officials The European Commission will scrutinize Meta's pivot to a subscription model in response to a string of rulings from data protection boards limiting the social media giant's ability to legally collect user data. Europe announced a slew of investigations into American big-tech companies.

295
295
article thumbnail

StrelaStealer targeted over 100 organizations across the EU and US

Security Affairs

Researchers reported that over 100 organizations in Europe and US were targeted by a wave of large-scale StrelaStealer campaigns Palo Alto Networks’ Unit42 spotted a wave of large-scale StrelaStealer campaigns impacting over 100 organizations across the EU and US. The threat actors sent out spam emails with attachments that eventually launched the StrelaStealer malware.

article thumbnail

Why Endpoint Security Tools Are Still Such a Challenge

Data Breach Today

LinkedIn Chief Security Architect Calls for More Integration of Devices, Identities Despite advances in endpoint security, Sergei Rousakov, chief security architect at LinkedIn, said the landscape remains complex. He said endpoint tools need to take a more integrated approach that includes identity and device context to truly protect against cybersecurity threats.

Security 295
article thumbnail

CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerability CVE-2021-44529 Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulne

IT 139
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

The AI Revolution and White-Collar Workers

Data Breach Today

Will AI Be a Catalyst for Innovation or a Source of Displacement? If we proactively tackle the complexities of the AI revolution, we can ensure that it serves as a catalyst for innovation rather than a source of displacement. With thoughtful planning and inclusive policies, the integration of AI into the professional world can enhance human potential.

IT 289
article thumbnail

GoFetch side-channel attack against Apple systems allows secret keys extraction

Security Affairs

Researchers demonstrated a new side-channel attack, named GoFetch, against Apple CPUs that could allow an attacker to obtain secret keys. A team of researchers from several US universities demonstrated a new microarchitectural side-channel attack named GoFetch that could allow attackers to extract secret keys from systems using Apple CPUs. GoFetch side-channel attack can extract secret keys from constant-time cryptographic implementations via data memory-dependent prefetchers (DMPs).

Libraries 138
article thumbnail

UK Discloses Chinese Espionage Activities

Data Breach Today

Deputy Prime Minister Says Violet Typhoon Is Behind Attacks on UK Politicians Chinese state hackers targeted multiple British politicians, the U.K. government said Monday in a coordinated disclosure of Chinese state hacking activities designed to ramp up international pressure on Beijing. The British government summoned the Chinese ambassador to the Foreign Office.

article thumbnail

Cloud-Conscious Cyber Attacks Spike 110% as Threat Groups Sharpen their Attack Skills

KnowBe4

Cybercriminals are catching up to all the digital transformation done over the last decade, as new data shows increased expertise in leveraging and.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Report Urges Congress to Form an Armed Cyber Military Branch

Data Breach Today

Research Shows Military Suffers From Disjointed Cyber Operations Amid New Threats The Foundation for Defense of Democracies on Monday released a white paper that urges Congress to establish a seventh military branch to serve as an independent armed cyber service amid growing threats in cyberspace from foreign adversaries such as Russia and China.

Military 281
article thumbnail

FBI: Losses Due to Cybercrime Jump to $12.5 Billion as Phishing Continues to Dominate

KnowBe4

The FBI’s Internet Crime Complaint Center (IC3) newly-released Internet Crimes Report provides an unbiased big picture of the cyber crimes that were the most used and most successful.

Phishing 131
article thumbnail

Go behind the scenes for the Jaguar TCS Racing Team’s 100th Race: A Formula E Milestone

OpenText Information Management

Ready for an electrifying ride? The Jaguar TCS Racing Team is gearing up for a monumental milestone - their 100th race in the heart-pounding world of Formula E. And, guess what? You're invited to join in the excitement. But this isn't just any race: it's a celebration of speed, innovation, and the sheer will to win. Join us as we explore how the team uses OpenText AI and Analytics software to optimize their way to more victories, points, and podium finishes.

Analytics 105
article thumbnail

There Is Only So Much Lipstick You Can Put on a Cybercriminal Troll

KnowBe4

The one thing I love about our annual conference in Orlando, KB4-CON, is its thought-provoking nature. Year after year, the events team manages to keep a fine balance between product updates and thought leadership talks. The convention is the best time to shine for all of us at KnowBe4, and nothing is shinier these days than the promise of an AI-powered future.

IT 124
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Ahead of the curve: How generative AI is revolutionizing the content supply chain

IBM Big Data Hub

The global adoption of generative AI is upon us, and it’s essential for marketing organizations to understand and play in this space to stay competitive. With content demands expected to grow in the next few years, organizations need to create more content at a faster pace to meet customer expectations and business needs. Knowing how to manifest these improvements is not always clear: Enter generative AI and the content supply chain.

Risk 97
article thumbnail

The Average Malicious Website Exists for Less Than 10 Minutes

KnowBe4

A new Chrome update brings to light Google findings about malicious websites that have serious implications on detecting malicious links, spoofed brands and the use of legitimate web services.

article thumbnail

Celebrating the women of IBM AI Ethics

IBM Big Data Hub

For more than 100 years, IBM’s founding principles have inspired efforts to promote equality, fairness and inclusion in the workplace and society. The company has lived the value of “respect for the individual” by championing employment practices that reward ability over identity and that make work more attainable for all. In 1935, approximately twenty years after IBM was founded, it began hiring women into professional roles.

Risk 91
article thumbnail

New Hampshire’s Comprehensive Data Privacy Legislation

Data Matters

As the state boasting the headquarters of the International Association of Privacy Professionals, many have been watching the development of the New Hampshire comprehensive consumer data privacy law with great interest, wondering if it may be a practical model for the nation. On March 6, 2024, Governor Chris Sununu signed SB 255-FN (“the Act”) into law.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Mitigating the impact of climate change in insurance and other financial services  

IBM Big Data Hub

As the effects of climate change intensify, extreme weather events are becoming increasingly frequent and severe. The US experienced 25 extreme weather events in 2023, each causing losses of over USD 1 billion, with a total cost of USD 73.8 billion. These climate events have a huge potential impact on financial institutions. In 2021, large-scale floods affected the European countries of Austria, Germany, Belgium, the Netherlands and Luxembourg, causing USD 43 billion worth of damage in addition

article thumbnail

Vulnerability Recap 3/25/24 – More Ivanti Issues to Patch

eSecurity Planet

While only a few major vulnerabilities emerged this week, Ivanti announced another notable set of flaws in both its Standalone Security and Neurons for ITSM products. We also saw a physical security issue in Saflok electronic locks, which affects hotels in over a hundred countries. Fortra, Apple, and Amazon Web Services had vulnerabilities, too. IT teams should pay close attention to vulnerability news so they know when and how to patch their business systems.

article thumbnail

HID Connects Podcast Season 2 Episode 4 — Physical Security: What Is “Open” & Why Does It Matter?

HID Global

Security and privacy is crucial for all types of organizations. So, what does “open architecture” mean in the context of security? We go over the details in this podcast.

article thumbnail

Webinar: Preserve365: World-Class Digital Preservation in your Microsoft 365 environment via Preservica on March 26th at 11am ET

IG Guru

You have only a few days left to register with Preservica on March 26th at 11am ET for a live replay of our launch webinar featuring a panel of industry experts who explore the challenges and importance of managing long-term records in Microsoft 365. Don’t miss out on our demonstration of how Preserve365 works and […] The post Webinar: Preserve365: World-Class Digital Preservation in your Microsoft 365 environment via Preservica on March 26th at 11am ET first appeared on IG GURU.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Unexpected behavior: Microsoft Entra ID Platform Single Sign-On and Device Compliance

Jamf

Customers using the private preview of Microsoft Entra ID Platform Single Sign-On extension (PSSOe) are experiencing an issue with Device Compliance registration which causes devices to become non-compliant and marked as unmanaged. Guidance follows on how to check settings for the configuration profiles for Single Sign-On and how to remediate affected devices.

article thumbnail

George Mason University Makes a Smooth Jump to Mobile Access

HID Global

Read our latest case study to discover how George Mason University worked with HID to develop a better alternative to its card-based credential program.

Access 52
article thumbnail

Unexpected behavior: Microsoft Entra ID Platform Single Sign-On and Device Compliance

Jamf

Customers using the private preview of Microsoft Entra ID Platform Single Sign-On extension (PSSOe) are experiencing an issue with Device Compliance registration which causes devices to become non-compliant and marked as unmanaged. Guidance follows on how to check settings for the configuration profiles for Single Sign-On and how to remediate affected devices.