Wed.Feb 14, 2024

article thumbnail

U.S. Internet Leaked Years of Internal, Customer Emails

Krebs on Security

The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence , which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishing more than a decade’s worth of its internal email — and that of thousands of Securence clients — in plain text out on the Internet and just a click away for anyone with a Web browser

Education 351
article thumbnail

Is Ransomware Finally in Decline? Groups Are 'Struggling'

Data Breach Today

Researchers See Waning Mystique, Use of Ghost Groups, Breach Tricks, Trauma of War While overall ransomware profits might remain high, many of the remaining or rebooted top-tier groups are "really struggling" with scarce talent, trauma from the Russia-Ukraine war and repeated disruptions by law enforcement, say researchers from threat intelligence firm RedSense.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Abusing the Ubuntu ‘command-not-found’ utility to install malicious packages

Security Affairs

Researchers reported that attackers can exploit the ‘command-not-found’ utility to trick users into installing rogue packages on Ubuntu systems. Cybersecurity researchers from cloud security firm Aqua discovered that it is possible to abuse, the popular utility ‘called ‘command-not-found’ that can lead to deceptive recommendations of malicious packages. “Aqua Nautilus researchers have identified a security issue that arises from the interaction between Ubuntu’

Cloud 144
article thumbnail

France Uncovers Russian Disinformation Campaign

Data Breach Today

'Portal Kombat' Is an Automated Pro-Russian Propaganda Network The French Ministry for Europe and Foreign Affairs accused Russia of running a disinformation campaign targeting Kyiv's Western allies ahead of the second anniversary of Moscow's invasion of Ukraine. The Russian approach to propaganda is a "firehose of falsehood," the Rand Corporation said.

253
253
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

‘AI Girlfriends’ Are a Privacy Nightmare

WIRED Threat Level

Romantic chatbots collect huge amounts of data, provide vague information about how they use it, use weak password protections, and aren’t transparent, new research from Mozilla says.

Privacy 144

More Trending

article thumbnail

Adobe Patch Tuesday fixed critical vulnerabilities in Magento, Acrobat and Reader

Security Affairs

Adobe Patch Tuesday security updates for February 2024 addressed more than 30 vulnerabilities in multiple products, including critical issues. Adobe Patch Tuesday security updates released by Adobe addressed over 30 vulnerabilities across various products, including critical issues. The software maker warned of critical flaws in popular products such as Adobe Acrobat and Reader, Adobe Commerce and Magento Open Source, Substance 3D Painter, and FrameMaker.

article thumbnail

North Korean Hackers Target South Korean President's Office

Data Breach Today

Attackers Accessed Details of State Visits to UK, France in Private Email Account The South Korean President's Office told local media Tuesday that suspected North Korean hackers had targeted the private email account of an official in November ahead of the president's state visits to the U.K. and France. Local reports suggest the hackers accessed the details of scheduled events.

Access 249
article thumbnail

Zoom fixed critical flaw CVE-2024-24691 in Windows software

Security Affairs

Zoom addressed seven vulnerabilities in its desktop and mobile applications, including a critical flaw (CVE-2024-24691) affecting the Windows software. The popular Video messaging giant Zoom released security updates to address seven vulnerabilities in its desktop and mobile applications, including a critical issue, tracked as CVE-2024-24691 (CVSS score of 9.6), in Windows software.

article thumbnail

Encryption Vital For Right to Privacy, European Court Rules

Data Breach Today

Court of Human Rights Ruling Challenges Russian Data Interception in Telegram Case A European court has sided with a Russian petitioner who challenged a Kremlin rule that requires telecom firms to backdoor their servers for law enforcement data collection. The court found that end-to-end encryption is essential to preserving the right to privacy in digital communication systems.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Microsoft Patch Tuesday for February 2024 fixed 2 actively exploited 0-days

Security Affairs

Microsoft Patch Tuesday security updates for February 2024 addressed 72 flaws, two of which are actively exploited in the wild. Microsoft Patch Tuesday security updates for February 2024 resolved a total of 72 vulnerabilities, including two actively exploited zero-days. The vulnerabilities affect Microsoft Windows and Windows Components; Office and Office Components; Azure; NET Framework and ASP.NET; SQL Server; Windows Hyper-V; and Microsoft Dynamics.

article thumbnail

They're Back: HHS OCR Plans Resurrect Random HIPAA Audits

Data Breach Today

Agency Is Surveying 207 Previously Audited Firms to Prep for Next Audit Cycle As U.S. federal regulators fine-tune a strategy to push the healthcare sector into a stronger cybersecurity posture, they are also dusting off a HIPAA compliance audit program that's been dormant for the last seven years. A new round of HIPAA audits for regulated entities is in the works.

article thumbnail

Nation-state actors are using AI services and LLMs for cyberattacks

Security Affairs

Microsoft and OpenAI warn that nation-state actors are using ChatGPT to automate some phases of their attack chains, including target reconnaissance and social engineering attacks. Multiple nation-state actors are exploiting artificial intelligence (AI) and large language models (LLMs), including OpenAI ChatGPT, to automate their attacks and increase their sophistication.

article thumbnail

Asset Management Firm Armis Acquires Honeypot Maker CTCI

Data Breach Today

Deal Between Private Companies Is Worth About $20 Million Venture-capital owned Armis, a firm that touts its ability to prepare companies for attacks before they materialize, acquired cybersecurity startup CTCI in a transaction approaching $20 million. Armis will merge CTCI employees and technology over the next 30 days.

Honeypots 236
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Another Ransomware-as-a-Service Known as “Wing” Takes Flight on the Dark Web

KnowBe4

Analysis of this newly-spotted service makes it clear that the newest entrant into the Ransomware-as-a-Service (RaaS) space has taken note of where predecessors are lacking and launched a better product.

article thumbnail

Section 702 Surveillance Fight Pits the White House Opposite Reproductive Rights

WIRED Threat Level

Prominent advocates for the rights of pregnant people are urging members of Congress to support legislation that would ban warrantless access to sensitive data as the White House fights against it.

Access 121
article thumbnail

Cupid’s Arrow of Cyber Scams

KnowBe4

Valentine's Day. A time where love is in the air, florists work overtime, and restaurant tables are as scarce as a truthful politician. But as we're busy swiping right in hopes of finding that special someone, cybercriminals are swiping left.on your security. Heartbreak hits differently when it's your bank account that's been ghosted.

Security 124
article thumbnail

Improving the Cryptanalysis of Lattice-Based Public-Key Algorithms

Schneier on Security

The winner of the Best Paper Award at Crypto this year was a significant improvement to lattice-based cryptanalysis. This is important, because a bunch of NIST’s post-quantum options base their security on lattice problems. I worry about standardizing on post-quantum algorithms too quickly. We are still learning a lot about the security of these systems, and this paper is an example of that learning.

Paper 117
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

AI in Cyberspace: A Double-Edged Sword

KnowBe4

The UK's National Cyber Security Centre (NCSC), recently shared its findings on how AI might reshape the cyber landscape. In two separate posts, the NCSC is warning that the global ransomware threat is expected to rise with AI.

article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at the Munich Security Conference (MSC) 2024 in Munich, Germany, on Friday, February 16, 2024. I’m giving a keynote at a symposium on “AI and Trust” at Generative AI, Free Speech, & Public Discourse. The symposium will be held at Columbia University in New York City and online, on Tuesday, February 20, 2024.

Security 111
article thumbnail

News alert: DigiCert taps tenured tech execs Jugnu Bhatia as its new CFO, Dave Packer as CRO

The Last Watchdog

Lehi, Utah – Feb. 14, 2024 – DigiCert, a leading global provider of digital trust, today announced new additions to its executive leadership team with the appointments of Jugnu Bhatia as Chief Financial Officer (CFO) and Dave Packer as Chief Revenue Officer (CRO). “DigiCert just closed its largest quarterly bookings in the company history, and I am thrilled to have such exceptional leaders joining our executive team at an important stage in our growth,” said Amit Sinha, CEO of DigiCert.

IT 100
article thumbnail

What Is Stateful Inspection in Network Security? Ultimate Guide

eSecurity Planet

Stateful inspection is a firewall feature that filters data packets based on the context of previous data packets. This important feature uses header information from established communication connections to improve overall security. An understanding of how stateful inspection works, the key pros and cons, and its use cases provides important insight into how stateful inspection can be used successfully in a security stack.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Delegated User Management: The Key to Secure Online Collaboration

Thales Cloud Protection & Licensing

Delegated User Management: The Key to Secure Online Collaboration madhav Thu, 02/15/2024 - 05:29 In the digital age, collaboration between human beings has leapt out of the confines of the physical office and the individual organization. Geographical boundaries no longer limit businesses, and they now frequently engage with partners, suppliers, and remote teams worldwide.

article thumbnail

The most valuable AI use cases for business

IBM Big Data Hub

When thinking of artificial intelligence (AI) use cases, the question might be asked: What won’t AI be able to do? The easy answer is mostly manual labor, although the day might come when much of what is now manual labor will be accomplished by robotic devices controlled by AI. But right now, pure AI can be programmed for many tasks that require thought and intelligence , as long as that intelligence can be gathered digitally and used to train an AI system.

article thumbnail

The Power of L.O.V.E.

OpenText Information Management

In the rapidly evolving landscape of Software-as-a-Service (SaaS), the role of customer success has become increasingly pivotal. Beyond simply providing reactive technical support, successful businesses recognize the need for a more holistic approach to customer engagement. Enter design empathy—a powerful concept that goes beyond functional aspects to understand and address the emotional and experiential dimensions … The post The Power of L.O.V.E. appeared first on OpenText Blogs.

64
article thumbnail

How to Protect Your Machine Learning Models

Thales Cloud Protection & Licensing

How to Protect Your Machine Learning Models madhav Thu, 02/15/2024 - 07:20 Contributors: Dr. Werner Dondl and Michael Zunke Introduction In computer technology, few fields have garnered as much attention as artificial intelligence ( AI) and machine learning (ML). This discipline – sitting at the intersection of computer science and data analysis – has become integral to mobile applications, voice assistants, fraudulent transaction detection, image recognition, autonomous driving, and even medica

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Ransomware Payments Hit a Record $1.1 Billion in 2023 via WIRED

IG Guru

Check out the article here. The post Ransomware Payments Hit a Record $1.1 Billion in 2023 via WIRED first appeared on IG GURU.

article thumbnail

RFID for Live Events: Crowd Management Benefits & Use Cases

HID Global

RFID can enhance security at events, manage large crowds and boost revenue for event organizers. Learn how in this blog.

article thumbnail

Sophie Sayer on the IT Governance Partner Programme

IT Governance

The benefits of partnering with us, and our partner-exclusive event IT Governance launched its partner programme in 2017, which now includes more than 400 organisations. To recognise and celebrate all our partners’ contributions, on 9 April 2024 we’ll be presenting awards and prizes to both organisations and individuals in a partner-exclusive, in-person awards ceremony.