Mon.Feb 05, 2024

article thumbnail

Fraudsters Deepfake Entire Meeting, Swindle $25.5M

Data Breach Today

Hong Kong Company Scammed After Criminals Used Deepfake Technology to Imitate CFO Fraudsters used deepfake technology to trick an employee at a Hong Kong-based multinational company to transfer $25.57 million to their bank accounts. Hong Kong Police said Sunday that the fraudsters had created deepfake likenesses of top company executives in a video conference to fool the worker.

334
334
article thumbnail

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

The Last Watchdog

Even in the cloud era, Microsoft Exchange Server remains a staple business communications tool across the globe. Related: The need for robust data recovery policies. One critical issue faced by organizations that rely on Exchange Server is the risk of a corrupt Exchange Server database cropping up. Fortunately, effective tools and wise best practices can help mitigate this this exposure enabling companies to indefinitely leverage Exchange Server as a productive, resilient and secure communicatio

Risk 264
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Are Cybersecurity Performance Measures Realistic?

Data Breach Today

Government Watchdog Urges ONCD to Develop Outcome-Oriented Performance Measures A government watchdog urged the White House to establish metrics that would help determine the effectiveness of federal cybersecurity initiatives, but it's a lot easier to recommend developing outcome-oriented performance measures for cybersecurity than it is to actually develop them.

article thumbnail

Crooks stole $25.5 million from a multinational firm using a ‘deepfake’ video call

Security Affairs

Scammers stole HK$200 million (roughly $25,5 million) from a multi-national company using a deepfake conf call to trick an employee into transferring the funds. Scammers successfully stole HK$200 million (approximately $25.5 million) from a multinational company in Hong Kong by employing a deepfake video call to deceive an employee into transferring the funds.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Systems, Phones Still Offline at Chicago Children's Hospital

Data Breach Today

Cyberattacks on Pediatric Facilities Are Rare But Considered Especially Egregious Network systems - including phones, email, electronic health records and patient portals - remain offline at a Chicago children's hospital and research center nearly a week after it was hit by a cyberattack. Such incidents targeting entities that cater to kids are especially egregious, experts say.

IT 281

More Trending

article thumbnail

AnyDesk Confirms Systems Hacked, Triggers Password Reset

Data Breach Today

Company Says Problem Remediated, All Security-Related Certificates Revoked Remote desktop application provider AnyDesk acknowledged hackers recently gained unauthorized access to the company's production systems in a cyberattack. The firm said it revoked all security-related certificates as a precaution and is rolling out a new code-signing certificate.

Passwords 264
article thumbnail

How to hack the Airbus NAVBLUE Flysmart+ Manager

Security Affairs

Airbus Navblue Flysmart+ Manager allowed attackers to tamper with the engine performance calculations and intercept data. Flysmart+ is a suite of apps for pilot EFBs, helping deliver efficient and safe departure and arrival of flights. Researchers from Pen Test Partners discovered a vulnerability in Navblue Flysmart+ Manager that can be exploited to tamper with the engine performance calculations.

article thumbnail

Wiz Snags Zscaler COO Dali Rajic

Data Breach Today

Startup Company Vows It Will Earn $1 Billion in Annual Recurring Revenue Fast-growing cloud cybersecurity startup Wiz snagged a former Zscaler executive as its new chief operating officer and president as the company prepares to go public. Wiz announced Monday that Dali Rajic has jumped to the New York-headquartered company.

Cloud 256
article thumbnail

Experts warn of a surge of attacks targeting Ivanti SSRF flaw 

Security Affairs

The Ivanti SSRF vulnerability tracked as CVE-2024-21893 is actively exploited in attacks in the wild by multiple threat actors. The Ivanti Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2024-21893 , is currently being actively exploited in real-world attacks by various threat actors. Last week Ivanti warned of two new high-severity vulnerabilities in its Connect Secure and Policy Secure solutions respectively tracked as CVE-2024-21888 (CVSS score: 8.8) and CVE-2024-21893 (

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

UK Government Warned of AI Regulatory Capture by Big Tech

Data Breach Today

UK Parliament Urges Competition Regulator to Keep LLMs Under 'Close Review' A U.K. parliamentary committee scrutinizing the artificial intelligence market urged the British competition regulator to closely monitor developers of foundation models and warned against regulatory capture. Already, the market is trending toward consolidation, said a House of Lords committee.

article thumbnail

Deepfake Fraud

Schneier on Security

A deepfake video conference call—with everyone else on the call a fake— fooled a finance worker into sending $25M to the criminals’ account.

130
130
article thumbnail

Mastercard Deploys AI to Power CX and Fight Fraud

Data Breach Today

Rohit Chauhan and Nitendra Rajput of Mastercard on Using AI Beyond Convention Mastercard, a global leader in payments, is expanding its use of artificial intelligence beyond traditional applications. The company has deployed AI to prevent fraud and enhance customer experience, efficiently handling a 20% increase in inquiries and navigating through extensive manuals.

article thumbnail

2054, Part I: Death of a President

WIRED Threat Level

“They had, quite swiftly, begun an algorithmic scrub of any narrative of the president suffering a health emergency, burying those stories.” An exclusive excerpt from 2054: A Novel.

Security 127
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

EquiLend Continues System Restoration Post-Ransomware Attack

Data Breach Today

Back Online: NGT Platform, Which Handles Daily Transactions Worth $100 Billion Financial giant EquiLend Holdings said it's brought back online multiple systems, including its NGT platform that handles securities lending transactions worth $2.4 trillion every month, following an outage triggered by ransomware-wielding attackers gaining unauthorized access to its systems.

article thumbnail

Social Engineering Masterstroke: How Deepfake CFO Duped a Firm out of $25 Million

KnowBe4

Check out this one line for a moment.“ duped into attending a video call with what he thought were several other members of staff, but all of whom were in fact deepfake recreations.

122
122
article thumbnail

UK ICO Warns Organizations to Make Advertising Cookies Compliant Following Call to Action

Hunton Privacy

In November 2023, the UK Information Commissioner’s Office (“ICO”) wrote to organizations operating 53 of the UK’s biggest websites regarding their compliance with data protection laws when using cookies. On January 31, 2024, the ICO released a statement on such action noting that it received “an overwhelmingly positive response” with 38 of those organizations having changed their cookie banners in order to come into compliance.

article thumbnail

New Phishing-As-A-Service Kit with Ability to Bypass MFA Targets Microsoft 365 Accounts

KnowBe4

A phishing-as-a-service platform called “Greatness” is facilitating phishing attacks against Microsoft 365 accounts, according to researchers at Sucuri.

Phishing 122
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

The future of work: How Vision Pro is leading the charge

Jamf

Vision Pro unlocks the exciting world of spatial computing. Is your organization ready?

111
111
article thumbnail

Fake “I Can’t Believe He’s Gone” Posts Seek to Steal Facebook Credentials

KnowBe4

This new scam relies on a victims sense of curiosity, a bit of brand impersonation, and the hopes of a new login to compromise Facebook credentials that.

Security 119
article thumbnail

VulnRecap 2/5/24 – Azure, Apple, Ivanti, & Mastodon at Risk

eSecurity Planet

Critical multi-platform vulnerabilities impacting diverse systems dominated the past week’s cybersecurity headlines. Juniper Networks released updates for the high-severity flaws in SRX and EX Series. A coding vulnerability in Microsoft’s Azure Pipelines affected 70,000 open-source projects. Linux distros faced a heap-based buffer overflow issue.

Risk 104
article thumbnail

Global Data Breaches and Cyber Attacks in 2024

IT Governance

29,530,829,012 known records breached so far in 4,645 publicly disclosed incidents Welcome to our 2024 data breaches and cyber attacks page, where you can find an overview of the year’s top security incidents, the most breached sectors of 2024, month-on-month trends, links to our monthly reports, and much more. Use the links in the ‘On this page’ section below to navigate.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

6 ways generative AI can optimize asset management

IBM Big Data Hub

Every asset manager, regardless of the organization’s size, faces similar mandates: streamline maintenance planning, enhance asset or equipment reliability and optimize workflows to improve quality and productivity. In a recent IBM Institute for Business Value study of chief supply chain officers, nearly half of the respondents stated that they have adopted new technologies in response to challenges.

article thumbnail

Increase speed and accuracy with AI driven static analysis auditing

OpenText Information Management

The post Increase speed and accuracy with AI driven static analysis auditing appeared first on OpenText Blogs.

article thumbnail

Mastering identity security: A primer on FICAM best practices

IBM Big Data Hub

For federal and state governments and agencies, identity is the crux of a robust security implementation. Numerous individuals disclose confidential, personal data to commercial and public entities daily, necessitating that government institutions uphold stringent security measures to protect their assets. This need for robust security underscored by Executive Order 14028 , published in May 2021, calls for enhancing the nation’s cybersecurity posture.

article thumbnail

Webinar: Shantanoo A. Govilkar, from DivIHN, will discuss recent trends in Information Governance & Risk Management via ARMA Chicago on February 13, 2024 at 12pm Central

IG Guru

Join your ARMA Chicago colleagues from the privacy of your home or from the convenience of your office! This is a one-hour live video conference with an expert presenter and a chance to ask questions and connect with your fellow ARMA members. Topic: Shantanoo A. Govilkar, from DivIHN, will discuss recent trends in Information Governance & […] The post Webinar: Shantanoo A.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Modernizing payments without disrupting legacy checks systems

IBM Big Data Hub

Across the globe, financial institutions are rapidly modernizing to deliver secure, seamless payment experiences that meet the demands of digital-first consumers. Financial institutions face the challenge of enabling digital payments while simultaneously managing existing payment capabilities like checks. Although check usage is decreasing worldwide, in the US, checks remain the popular payment option for rent and larger transactions.In the EU, check volume is still deemed significant, with over

article thumbnail

Is the future of contact centers bot or human?

CGI

Human-like responses from OpenAI’s ChatGPT and other generative AI large language models (LLMs) have employees and politicians concerned about impending waves of job losses. Meanwhile, contact centers have trouble recruiting and retaining enough agents to keep up with rising consumer demand. Is the stage set for a showdown between humankind and machines?

59
article thumbnail

How is DNSSEC different from encryption? 

IBM Big Data Hub

It’s a question we often hear: “Isn’t DNSSEC the same as encrypted DNS?” Not really. While DNSSEC protects networks against man-in-the-middle attacks, it does so through public key cryptography, which is different from encryption. In other words, DNSSEC provides a form of authentication, but not a form of confidentiality. How is public key cryptography different from encryption?