Tue.Apr 09, 2024

article thumbnail

April’s Patch Tuesday Brings Record Number of Fixes

Krebs on Security

If only Patch Tuesdays came around infrequently — like total solar eclipse rare — instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month’s patch batch — a record 147 flaws in Windows and related software.

Security 282
article thumbnail

Firm Says Medicare Info Obtained From DOJ Breached in Attack

Data Breach Today

Nearly 342,000 Affected; Health Data Incident Isn't Covered by HIPAA Rules A cyberattack on a Boston-based consulting firm that provides litigation support services to the U.S. Department of Justice in its investigations has potentially compromised Medicare numbers and other health insurance and medical information of nearly 342,000 individuals.

Insurance 189
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Over 91,000 LG smart TVs running webOS are vulnerable to hacking

Security Affairs

Researchers found multiple vulnerabilities in LG webOS running on smart TVs that could allow attackers to gain root access to the devices. Bitdefender researchers discovered multiple vulnerabilities in LG webOS running on smart TVs that could be exploited to bypass authorization and gain root access on the devices. The vulnerabilities discovered by the researchers impact WebOS versions 4 through 7 running on LG TVs. “WebOS runs a service on ports 3000/3001 (HTTP/HTTPS/WSS) which is used by

article thumbnail

Cyera Gets $300M at $1.4B Valuation to Fuel Safe AI Adoption

Data Breach Today

Series C Funding Round Aims to Transform Data Protection, Empower Safe Use of AI Cyera completed a $300 million funding round led by Coatue to fortify data security and facilitate safer AI adoption across enterprises. By consolidating data protection measures, Cyera hopes to address the critical need for a unified data security platform in the era of generative AI.

Security 182
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Section 702: The Future of the Biggest US Spy Program Hangs in the Balance

WIRED Threat Level

The US Congress will this week decide the fate of Section 702, a major surveillance program that will soon expire if lawmakers do not act. WIRED is tracking the major developments as they unfold.

Privacy 142

More Trending

article thumbnail

Google announces V8 Sandbox to protect Chrome users

Security Affairs

Google announced support for a V8 Sandbox in the Chrome web browser to protect users from exploits triggering memory corruption issues. Google has announced support for what’s called a V8 Sandbox in the Chrome web browser. The company included the V8 Sandbox in Chrome’s Vulnerability Reward Program (VRP). Chrome 123 is a sort of “beta” release for the sandbox designed to mitigate memory corruption issues in the Javascript engine.

Access 139
article thumbnail

Employees Are 'Quiet Quitting' - What Can Employers Do?

Data Breach Today

How Employers and Employees Can Create an Engaging, Satisfying Workplace Culture "Quiet quitting" is when employees strictly adhere to their job descriptions and meticulously avoid any tasks that fall outside their defined responsibilities. Here's how employers and employees can prevent it and create a workplace culture that promotes engagement, satisfaction and shared success.

IT 182
article thumbnail

ScrubCrypt used to drop VenomRAT along with many malicious plugins

Security Affairs

Researchers discovered a sophisticated multi-stage attack that leverages ScrubCrypt to drop VenomRAT along with many malicious plugins. Fortinet researchers observed a threat actor sending out a phishing email containing malicious Scalable Vector Graphics (SVG) files. The email is crafted to trick recipients into clicking on an attachment, which downloads a ZIP file containing a Batch file obfuscated with the BatCloak tool.

Phishing 139
article thumbnail

Evolving Threats Facing Robotic and Other Medical Gear

Data Breach Today

Robotic medical devices, such as surgical gear, offer great potential to improve patient care, but the cyber risks associated with these products must be carefully addressed, said Kevin Fu, director of the Archimedes Center for Health Care and Medical Device Cybersecurity at Northeastern University.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

New Phishing-as-a-Service (PhaaS) platform, 'Tycoon 2FA', Targets Microsoft 365 and Gmail Accounts

KnowBe4

This complexly dangerous new service brings the bypassing of MFA to the world’s most-used email platforms to the masses… something that should be.

Phishing 124
article thumbnail

Aged D-Link NAS Devices Are Being Exploited by Hackers

Data Breach Today

D-Link Tells Owners to Buy a Newer Model Network-attached storage manufacturer D-Link says owners of devices vulnerable to remote takeover exploits should suck it up and buy a replacement. Internet scans have tallied the number of affected NAS devices - a handful of servers released on average a decade ago - at more than 92,000.

article thumbnail

US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack

Schneier on Security

US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack by the Chinese government that accessed the emails of senior U.S. government officials. From the executive summary: The Board finds that this intrusion was preventable and should never have occurred. The Board also concludes that Microsoft’s security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosy

article thumbnail

Critical Improvements To The Seven Most Common Pieces of Cybersecurity Advice

KnowBe4

I regularly speak with thousands of cybersecurity practitioners each year. Nearly every day, I see (good) cybersecurity advice, but some of it is just.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

What Is a SaaS Security Checklist? Tips & Free Template

eSecurity Planet

SaaS security checklists are frameworks for protecting data and applications in cloud-based environments. They serve as benchmarks for upholding strong security requirements, evaluating existing tools, and assessing potential solutions. These checklists include security standards and best practices for SaaS and cloud applications, and B2B SaaS providers use them to guarantee that their solutions match customer security standards.

article thumbnail

All The Ways the Internet is Surveilling You

KnowBe4

Your personal information is continuously harvested and analyzed by countless data brokers eager to sell to the highest bidder. From your name to your online activities, to your employment details and even your real-time location — all are on the market for anyone interested.

Marketing 114
article thumbnail

Jamf Event: Comm recap

Jamf

April 9 Jamf Event for commercial customers covered compliance, end-user privilege elevation, Jamf Threat Labs, vulnerability management and App Installers and more!

article thumbnail

CyberheistNews Vol 14 #15 [Heads Up] Your Apple Users Are Now Targeted With New MFA Attacks

KnowBe4

[Heads Up] Your Apple Users Are Now Targeted With New MFA Attacks

108
108
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Jamf Event: Education recap

Jamf

The 2024 Jamf Event showed how to transform learning for students, teachers and parents; better protect students; and maintain seamless, secure access.

article thumbnail

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Data Protection Report

On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) published a Notice of Proposed Rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which imposes new reporting requirements for entities operating in critical infrastructure sectors. The CIRCIA was originally enacted in part as a response to recent attacks on critical infrastructure, such as the ransomware attack on Colonial Pipeline in May 2021, but CISA’s proposed regula

article thumbnail

How the Masters uses watsonx to manage its AI lifecycle

IBM Big Data Hub

At the Masters®, storied tradition meets state-of-the-art technology. Through a partnership spanning more than 25 years, IBM has helped the Augusta National Golf Club capture, analyze, distribute and use data to bring fans closer to the action, culminating in the AI-powered Masters digital experience and mobile app. Now, whether they’re lining the fairways or watching from home, fans can more fully appreciate the performance of the world’s best golfers at the sport’s most

IT 78
article thumbnail

Doing the math to achieve “zero”: OpenText and Jaguar TCS Racing

OpenText Information Management

When you celebrate something, it’s not often that you focus on the number zero. All the typical celebrations focus on how bigger is better—sales and growth in business, birthdays, and anniversaries for personal celebrations. But on this year’s Earth Day, April 22, we choose to celebrate the number zero. Earth Day will follow closely after our partner, Jaguar TCS Racing , appears in the ABB FIA Formula E World Championship races in Misano, Italy on April 13 and 14.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

HID Connects Podcast S2E6 — Artificial Intelligence in Security: Rise of the Machines or “Meh”?

HID Global

In this podcast episode, hone in on what AI means to the security industry, including its practical applications and its potential for growth.

article thumbnail

Reinventing Email Security in the Age of Microsoft 365 via LinkedIn

IG Guru

Check out the article here. The post Reinventing Email Security in the Age of Microsoft 365 via LinkedIn first appeared on IG GURU.

article thumbnail

Life insurance policy administration system migrations: keys for staying on course

CGI

Why do so many life insurance carriers continue to live with outdated legacy administration platforms? The answer is that migrations are difficult and can go off course without the right people, governance, methodology and tools in place.

article thumbnail

The Week in Cyber Security and Data Privacy: 1 – 7 April 2024

IT Governance

67,273,297 known records breached in 130 newly disclosed incidents Welcome to this week’s global round-up of the biggest and most interesting news stories. At the end of each month, these incidents – and any others that we find – will be used to inform our monthly analysis of data breaches and cyber attacks. Publicly disclosed data breaches and cyber attacks: in the spotlight US Environmental Protection Agency allegedly breached: nearly 8.5 million accounts compromised A threat actor known as ‘U

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

US Bipartisan Privacy Bill Contains Cybersecurity Mandates

Data Breach Today

American Privacy Rights Act Has Genuine Chance of Becoming Law A bipartisan privacy proposal in the U.S. Congress backed by a key Senate Democrat and her House counterpart contains provisions that would place vast swaths of the American economy under new cybersecurity mandates. Support from Sen. Maria Cantwell distinguishes the bill from other recent attempts.

Privacy 189