Thu. May 02, 2024

Dropbox Sees Breach of Legally Binding E-Signature Service

Data Breach Today

All Dropbox Sign Users' Emails Stolen, Plus Some MFA and OAuth Tokens, API Keys

Dropbox said hackers breached its infrastructure and stole swaths of customer data for its legally binding electronic signature service, Dropbox Sign, including names, emails, hashed passwords and authentication tokens. The company has begun forcing password resets and API key rotation.

Passwords 299

RSAC Fireside Chat: How the open-source community hustled to identify LLM vulnerabilities

The Last Watchdog

It took some five years to get to 100 million users of the World Wide Web and it took just one year to get to 100 million Facebook users. Then along came GenAI and Large Language Models (LLM) and it took just a couple of weeks to get to 100 million ChatGPT users. LLM is a game changer in the same vein as the Gutenberg Press and the Edison light bulb.

Cryptohack Roundup: Geosyn Fraud Lawsuit

Data Breach Today

Also: North Korea Money Laundering and South Korean Crypto Police

This week, SEC filed suit against Geosyn, prosecutors fought dismissed Tornado Cash charges, analyst tracked North Korean crypto laundering, European Parliament OK'd anti-money laundering law, FBI warned of unregistered crypto entities and South Korea may make crypto investigative unit permanent.

278

The Breach of a Face Recognition Firm Reveals a Hidden Danger of Biometrics

WIRED Threat Level

Outabox, an Australian firm that scanned faces for bars and clubs, suffered a breach that shows the problems with giving companies your biometric data.

Privacy 145

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Breach Roundup: REvil Hacker Gets Nearly 14-Year Sentence

Data Breach Today

Also: Another Ivanti Zero-Day? And FBI Calls for Strengthening DMARC Policies

This week, REvil hacker sentenced; ZDI saw possible Ivanti-zero-day; FBI said to strengthen DMARC policies; Okta saw surge in credential stuffing attacks; French hospital refused to pay ransom; JPMorgan, debt collection agency and healthcare company were breached; and ex-NSA employee was sentenced.

278

More Trending

Rehab Hospital Chain Hack Affects 101,000; Facing 6 Lawsuits

Data Breach Today

At Least 33 Ernest Health Facilities in 12 States Are Reporting Breaches

A Texas-based operator of rehabilitation hospitals is facing multiple federal proposed class action lawsuits in the wake of an apparent ransomware attack that affected dozens of its facilities in several states, potentially compromising the sensitive information of more than 101,000 individuals.

HPE Aruba Networking addressed four critical ArubaOS RCE flaws

Security Affairs

HPE Aruba Networking addressed four critical remote code execution vulnerabilities impacting its ArubaOS network operating system. HPE Aruba Networking released April 2024 security updates that addressed four critical remote code execution (RCE) vulnerabilities affecting multiple versions of the network operating system ArubaOS. The four vulnerabilities are unauthenticated buffer overflow issues that could be exploited to remotely execute arbitrary code.

Access 137

Experts Say White House Memo Overlooks Space Cyber Risks

Data Breach Today

Security Memo Update Opts Not to Include Space as Critical Infrastructure Sector

Space industry executives say they're feeling left out of a push to better national cybersecurity, calling a White House update on Tuesday to a memo organizing critical infrastructure efforts a missed opportunity. Experts said the exclusion could leave the U.S. space sector vulnerable to attacks.

Risk 275

CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

CISA adds GitLab Community and Enterprise Editions improper access control vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a GitLab Community and Enterprise Editions improper access control vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2023-7028 (CVSS score: 10.0), is an account takeover via Password Reset.

IT 135

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Veracode CEO on Mastering Application Security in the AI Era

Data Breach Today

New CEO Brian Roche on Application Management and the Role of AI in Managing Risk

New Veracode CEO Brian Roche discusses the importance of artificial intelligence in managing application risk, the integration of startup Longbow Security into Veracode's ecosystem, and the convergence of traditional application security with cloud security.

Ukrainian REvil gang member sentenced to 13 years in prison

Security Affairs

A Ukrainian national, a member of the REvil group, has been sentenced to more than 13 years in prison for his role in extortion activities. The Ukrainian national, Yaroslav Vasinskyi (24), aka Rabotnik, has been sentenced to more than 13 years in prison and must pay $16 million in restitution for conducting numerous ransomware attacks and extorting victims.

Managed Service Provider Denies Being Source of Breach

Data Breach Today

Health Analytics Firm Said Hackers Stole Data on 1 Million by Hacking MSP's Network

Who's responsible for a breach that exposed personal information for 1.1 million individuals? While a Maine consultancy blamed the breach on a managed service provider's network getting hacked, the MSP said the network was entirely owned and operated by its now-former customer.

Analytics 272

News alert: LayerX Security raises $24M Series A funding for its ‘enterprise browser’ security platform

The Last Watchdog

Tel Aviv, Israel, May 2, 2024, CyberNewsWire — LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series A funding led by Glilot+, the early-growth fund of Glilot Capital Partners, with participation from Dell Technologies Capital and other investors. Lior Litwak, Managing Partner at Glilot Capital and Head of Glilot+, and Yair Snir, Managing Partner at Dell Technologies Capital, will join the LayerX board.

Security 130

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Critical Flaw in R Language Poses Supply Chain Risk

Data Breach Today

Deserialization Vulnerability Allows for Remote Code Execution

A high-risk flaw in R statistics programming language could lead to a supply chain hack, warn security researchers who say they uncovered a deserialization flaw. Security researchers have long known that hackers sneak malicious code into serialized data.

Risk 263

The UK Bans Default Passwords

Schneier on Security

The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will rec

Passwords 126

Permira Takes Majority Stake in BioCatch at $1.3B Valuation

Data Breach Today

Biometrics Stalwart Eyes M&A, Geographic Expansion With Private Equity Firm Backing

Permira has acquired a majority stake in BioCatch at a $1.3 billion valuation, solidifying the company's global expansion plans. The behavioral biometrics company is exploring mergers and acquisitions, aiming to expand into key markets while consolidating its position in online fraud detection.

Marketing 263

Is RogerLovesTaco$24 a Strong Password?

KnowBe4

Is "RogerLovesTaco$24" a strong password? No! Everyone has a ton of passwords. They should be strong and unique for every site and service you use. Everyone knows this.

Passwords 115

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

eSecurity Planet

The 2023 vendor surveys arriving this quarter paint a picture of a cybersecurity landscape under attack, with priority issues affecting deployment, alert response, and exposed vulnerabilities. Most organizations express confidence in their current status and budgets, but also expect to experience at least one data breach in 2024. This picture comes from an analysis of specific statistics and by reading between the lines in reports from 1Password, Cisco, CrowdStrike, Flashpoint, Google Threat Ana

Analysis Shows 2023 to be “Worst Year for Phishing on Record”

KnowBe4

Newly-released data highlights our worst fears about the prevalence of phishing, and some glimmer of hope that the good guys may be winning the fight.

Phishing 111

Weekly Update 398

Troy Hunt

How many different angles can you have on one data breach? Facial recognition (which probably isn't actual biometrics), gambling, offshore developers, unpaid bills, extortion, sloppy password practices and now, an arrest. On pondering it more after today's livestream, it's the unfathomable stupidity of publishing this data publicly that really strikes me.

Passwords 102

Global Data Breaches and Cyber Attacks in April 2024 – 5,336,840,757 Records Breached

IT Governance

IT Governance’s research found the following for April 2024: 652 publicly disclosed security incidents. 5,336,840,757 records known to be breached. The number of records breached this month was high – particularly compared to March – largely due to two outlier events: Spy.pet, a data scraping website, offering 4,186,879,104 Discord messages for sale.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

iPhone isn’t secureable enough for the South Korea military – but Android is via Apple Insider

IG Guru

Check out the article here. The post iPhone isn’t secureable enough for the South Korea military – but Android is via Apple Insider first appeared on IG GURU.

Celebrating the 221st Anniversary of The Louisiana Purchase with Special Media

Unwritten Record

To celebrate the 221st anniversary of the Louisiana Purchase on April 30, let’s use the catalog to see related records! On April 30, 1803, 828,000 square miles of land were purchased by the United States from the then-owner of its territory, France, for $15 million, which today would be about $342 million. Napoleon Bonaparte famously sold the land for funds to fight the British, offering up not just the lucrative port city of New Orleans, but the entirety of the Louisiana territory.

Reining in content sprawl: a consultant’s perspective

OpenText Information Management

Today’s businesses run on data. It fuels our decision-making, helps us enhance customer experiences, and drives innovation. However, all this data has a big downside: content sprawl. Consider a common scenario: a client sends you an important document as an email attachment. You save a copy to your company’s cloud storage platform, another to your desktop for quick reference, and then forward the email to the rest of your team—who do the same thing.

ECM 59

Spotlight Podcast: How AI Is Reshaping The Cyber Threat Landscape

The Security Ledger

Host Paul Roberts speaks with Jim Broome, the CTO and President of MSSP DirectDefense about the evolution of cybersecurity threats and how technologies like AI are reshaping the cybersecurity landscape and the work of defenders and Managed Security Service Providers (MSSP).

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Pro-Russia hackers target critical infrastructure in North America and Europe

Security Affairs

Government agencies from the US, Canada and the UK warn of Russian threat actors targeting critical infrastructure in North America and Europe

The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), National Security Agency (NSA), Environmental Protection Agency (EPA), Department of Energy (DOE), United States Department of Agriculture (USDA), Food and Drug Administration (FDA), Multi-State Information Sharing and Analysis Center (MS-ISAC), Canadian Ce