Tue. Mar 05, 2024

BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare

Krebs on Security

There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. “ALPHV”) as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, the cybercriminal who claims to have given BlackCat access to Change’s network says the crime gang cheated them out of their share of the ransom, and that they st

Axonius Raises $200M, Aims to Guard More Asset Types Via M&A

Data Breach Today

Firm Maintains $2.6B Valuation in Series E Extension Round Amid Economic Headwinds

A startup led by an Israeli intelligence veteran hauled in $200 million to pursue acquisitions that will allow for the protection of more asset types. The money will allow Axonius to better use existing data and build on its recent expansion to safeguard SaaS applications and installed software.

Polishing Rough Diamonds: How Information Governance Boosts AI-Driven Innovation

AIIM

With AI-centric use cases expanding to extract value from both physical and digital assets, it’s time to see information governance as a way to accelerate innovation.

BlackCat Ransomware Group 'Seizure' Appears to Be Exit Scam

Data Breach Today

Affiliate Claims Administrators Kept All $22 Million Paid by Change Healthcare

The administrators of the BlackCat ransomware-as-a-service group claim law enforcement has shut down their operation. But experts and affiliates accuse the group's leadership of running an exit scam on the heels of a $22 million ransom payment by a recent victim - Optum's Change Healthcare unit.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Apple emergency security updates fix two new iOS zero-days

Security Affairs

Apple released emergency security updates to address two new iOS zero-day vulnerabilities actively exploited in the wild against iPhone users. Apple released emergency security updates to address two iOS zero-day vulnerabilities, respectively tracked as CVE-2024-23225 and CVE-2024-23296, that were exploited in attacks against iPhone devices. CVE-2024-23225 is a Kernel memory corruption flaw, the company addressed it with improved validation. “An attacker with arbitrary kernel read and writ

VMware urgent updates addressed Critical ESXi Sandbox Escape bugs

Security Affairs

VMware released urgent patches to address critical ESXi sandbox escape vulnerabilities in the ESXi, Workstation, Fusion and Cloud Foundation products Virtualization giant VMware released urgent updates to fix critical ESXi sandbox escape vulnerabilities in the ESXi, Workstation, Fusion, and Cloud Foundation products. The most severe vulnerabilities can be exploited by an attacker with local admin privileges on a virtual machine to execute code as the virtual machine’s VMX process running o

A New Self-Spreading, Zero-Click Gen AI Worm Has Arrived!

Data Breach Today

Researchers Created Worm That Can Exfiltrate Data, Spread Spam and Poison AI Models

Researchers have created a zero-click, self-spreading worm that can steal personal data through applications that use chatbots powered by generative artificial intelligence. Dubbed Morris II, the malware uses a prompt injection attack vector to trick AI-powered email assistant apps.

The Insecurity of Video Doorbells

Schneier on Security

Consumer Reports has analyzed a bunch of popular Internet-connected video doorbells. Their security is terrible. First, these doorbells expose your home IP address and WiFi network name to the internet without encryption, potentially opening your home network to online criminals. […] Anyone who can physically access one of the doorbells can take over the device—no tools or fancy hacking skills needed.

How to Improve Health Data Breach Response Planning

Data Breach Today

Experts Offer Tips for Ironing Out Common Kinks in Incident Response

The healthcare sector should have plenty of experience responding to data security incidents and breaches, especially in light of the record number of breaches reported last year. But when leaders are dealing with an incident, response plans can go awry. Experts offer tips for avoiding mishaps.

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

Experts disclosed two severe flaws in JetBrains TeamCity On-Premises software

Security Affairs

Two new security flaws in JetBrains TeamCity On-Premises software can allow attackers to take over affected systems. Rapid7 researchers disclosed two new critical security vulnerabilities, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), in JetBrains TeamCity On-Premises. An attacker can exploit the vulnerabilities to take control of affected systems.

George Kurtz: There's a Difference Between Price, Total Cost

Data Breach Today

Palo Alto Offering Free Products Won't Neutralize CrowdStrike's Cost Advantage: CEO

CEO George Kurtz said Palo Alto Networks' strategy of offering free products won't neutralize CrowdStrike's advantage around total cost of ownership. Customers are smart enough to recognize the difference between the price of a product and the total lifetime cost of operating inferior technology.

CISA ADDS MICROSOFT WINDOWS KERNEL BUG USED BY LAZARUS APT TO ITS KNOWN EXPLOITED VULNERABILITIES CATALOG

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft Windows Kernel vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2024-21338 (CVSS Score 7.8) Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

CrowdStrike to Buy Israeli Data Defense Vendor Flow Security

Data Breach Today

Data Security Posture Management Deal Will Help CrowdStrike Guard Endpoints, Clouds

CrowdStrike plans to purchase a data security posture management startup led by an Israeli Defense Forces team leader to safeguard information across endpoints and clouds. The proposed Flow Security deal will give CrowdStrike visibility into cloud data flows and how data interacts with applications.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

US Gov sanctioned Intellexa Consortium individuals and entities behind Predator spyware attacks

Security Affairs

The U.S. government sanctioned two individuals and five entities linked to the development and distribution of the Predator spyware used to target Americans. Today, the Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced actions on two individuals and five entities associated with the Intellexa Consortium for their role in the development and distribution of the commercial Predator spyware used to target Americans.

JetBrains' TeamCity Bugs Could Lead to Server Takeover

Data Breach Today

Users Advised to Prioritize Patching for Publicly Known Flaws, Exploit

Two critical vulnerabilities affecting all on-premises versions of TeamCity servers can result in authentication bypass and path traversal, enabling an attacker to gain administrative privileges for a server and take it over. Users should prioritize patching now that the exploit is public.

How the European Union’s Digital Markets Act impacts your iOS estate

Jamf

Launching alongside iOS 17.4, Apple will be making changes to adhere to the European Union’s Digital Markets Act, which could have massive implications for your organization’s end users and the security of their devices.

How NOT to Lead

Data Breach Today

Leaders in cybersecurity - and in any other business - need to keep a bank account filled with the trust and respect of their employees and make sure that account stays in the black, said Chase Cunningham, aka the Doctor of Zero Trust. He discussed his new book on how to be a good leader.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Inside Registered Agents Inc., the Shadowy Firm Pushing the Limits of Business Privacy

WIRED Threat Level

Registered Agents Inc. has for years allowed businesses to register under a cloak of anonymity. A WIRED investigation has found that its secretive founder has taken the practice to an extreme.

Germany Rules Out Russian Hack in Military Data Leak

Data Breach Today

Defense Minister Pistorius Says Leak Caused by Webex 'Application Error'

German Minister of Defense Boris Pistorius on Tuesday said the recent leak of intercepted military data was the result of an "application error" and not caused by a system compromise by Russian hackers. Pistorius also said the country is continuing to examine the incident further.

Global Data Breaches and Cyber Attacks in February 2024 – 719,366,482 Records Breached

IT Governance

IT Governance’s research found the following for February 2024: 712 publicly disclosed security incidents. 719,366,482 records known to be breached. After January’s 29.5 billion records breached, following the MOAB (mother of all breaches), 719 million records for this month seems comparatively small. The number of records breached is also small compared to January’s numbers excluding the MOAB – 3,530,829,011 known records breached.

Phishers Abusing Legitimate but Neglected Domains To Pass DMARC Checks

KnowBe4

A recent great article by BleepingComputer about domain hijacking and DMARC abuse reminded me that many companies and people do not understand DMARC well enough to understand what it does and how it helps to prevent phishing.

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Data Archiving Defined

Record Nations

Every bit and byte holds significance within your physical and digital business data. Data archiving is essential for maintaining regulatory compliance, preserving historical records, optimizing costs, mitigating risks, and improving operational efficiency. It ensures that organizations can effectively manage their data assets while safeguarding their integrity and accessibility for future use.

Microsoft and OpenAI Team Up to Block Threat Actor Access to AI

KnowBe4

Research on analysis of emerging threats in the age of AI has been released giving insight into exactly how these gangs are leveraging AI to advance.

College Board Agrees to Settle with the New York Attorney General Over Student Data Privacy

Hunton Privacy

On February 13, 2024, New York Attorney General (“NY AG”) Letitia James and New York State Education Department Commissioner (“NYSED”) Betty A. Rosa announced that College Board has agreed to settle charges in connection with allegations that it violated New York Education Law § 2-d, New York’s student privacy law. College Board is a New York-based nonprofit that administers standardized tests to high school students as part of the college admissions process, develops college readiness programs

Phishing Kit Targets the FCC and Crypto Exchanges

KnowBe4

Researchers at Lookout have discovered a sophisticated phishing kit that’s targeting employees at the US Federal Communications Commission (FCC), as well as employees of cryptocurrency exchanges Binance and Coinbase.

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

Combat content sprawl with cloud content management

OpenText Information Management

The rapid growth of Microsoft® Teams within enterprises has led to unparalleled growth in content, with numerous Teams sites creating data duplication, document redundancy, and version control issues. As a result, content sprawl has become quite real quite quickly, creating governance challenges, user frustration, and productivity dips with content located across channels, chats, and emails. …

CILIP Pathways Turns Four

CILIP

Zoe and Sheila recently completed their apprenticeships assessed by CILIP Pathways. CILIP Pathways was launched four years ago today, and this year also celebrates becoming the end-point assessment organisation (EPAO) for assessing the Level 7 Archives and Records Manager standard. CILIP Pathways provides quality assessment services for apprenticeships, and is staffed by experts in the library, information and knowledge sector and has a team of qualified independent ass

What are your competitors doing this year?

OpenText Information Management

Application delivery management (ADM) plays a pivotal role in ensuring the seamless deployment, monitoring, and optimization of software applications. We’re well into 2024, and we can see the ADM field is poised for significant transformations, fueled by emerging technologies, evolving market demands, and heightened consumer expectations. Let’s dive into what we can anticipate in the …