Tue.Jul 30, 2024

article thumbnail

Study: Average Cost of a Data Breach Rises to $4.9 Million

Data Breach Today

Involving Law Enforcement After Ransomware Attacks Drives Down Costs, Study Finds Data breaches continue to grow more costly, with the average cost of a breach hitting an all-time high of $4.9 million, driven by greater business disruption and post-breach customer support and remediation expenses, according to the latest annual Cost of a Data Breach Report from IBM.

article thumbnail

A crafty phishing campaign targets Microsoft OneDrive users

Security Affairs

Researchers detected a sophisticated phishing campaign targeting Microsoft OneDrive users to trick them into executing a PowerShell script. Over the past few weeks, the Trellix Advanced Research Center observed a sophisticated phishing campaign targeting Microsoft OneDrive users. Threat actors rely on social engineering tactics to trick users into executing a PowerShell script, which leads to their systems being compromised.

Phishing 144
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Ransomware Gangs Exploit VMware ESXi Flaw

Data Breach Today

Bug Allows Attackers to Add New Users to a Group With Full Admin Privileges Ransomware hackers discovered a way to gain full administrative privileges on VMware ESXi hypervisors connected to Microsoft's Active Directory, a finding that resulted in extortion demands from cybercriminals, including Storm-0506, Storm-1175, Octo Tempest and Manatee Tempest.

article thumbnail

A Senate Bill Would Radically Improve Voting Machine Security

WIRED Threat Level

This year’s Intelligence Authorization Act would mandate penetration testing for federally certified voting machines and allow independent researchers to work on exposing vulnerabilities.

Security 138
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Judge Allows Lawsuit Against EHR Vendor in Hack to Proceed

Data Breach Today

Several Claims Dismissed, But Other Allegations in Breach Case Get a Green Light A federal judge has dismissed several claims but has given the green light for plaintiffs to move forward with other allegations in a proposed class action filed against electronic health records vendor NextGen in the aftermath of a 2023 ransomware attack that affected about 1 million people.

More Trending

article thumbnail

Trellix's Dual AI Strategy: Combating and Using AI in Cyber

Data Breach Today

CEO Bryan Palma on Cobalt Strike Takedown and Generative AI's Role in Cyber Defense Bryan Palma, CEO of Trellix, shares insights into the company's involvement in cybercrime takedowns and the integration of generative AI into the company's XDR platform. He discusses how Trellix Wise streamlines SOC processes and the company's focus on ransomware detection and data security.

article thumbnail

SideWinder phishing campaign targets maritime facilities in multiple countries

Security Affairs

The APT group SideWinder launched a new espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. SideWinder (also known as Razor Tiger, Rattlesnake, and T-APT-04) has been active since at least 2012, the group mainly targeted Police, Military, Maritime, and the Naval forces of Central Asian countries. In the 2022 attacks, the threat actors also targeted departments of Foreign Affairs, Scientific and Defence organisations, Aviation, IT industry, and Le

Phishing 129
article thumbnail

UK ICO Reprimands Electoral Commission for 2021 Hack

Data Breach Today

Hackers Sued ProxyShell to Compromise Commission Systems The British data regulator reprimanded the U.K.'s Electoral Commission for its failure to prevent a 2021 cyberattack that resulted in the exposure of millions of voter records. Hackers breached the Electoral Commission's networks after exploiting the ProxyShell vulnerability.

IT 182
article thumbnail

Dark Angels Ransomware Group Scores Record-Breaking $75 Million Payday

KnowBe4

In the ever-evolving world of cybercrime, ransomware attacks continue to be a lucrative business for cybercriminals.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Meta Prompt Guard Is Vulnerable to Prompt Injection Attacks

Data Breach Today

Researchers Add Spaces in 'Ignore Previous Instructions' Prompt to Bypass Security A machine learning model that Meta released last week to prevent prompt injection attacks is vulnerable to prompt injection attacks, researchers said. There is as yet no definitive solution to the problems of jailbreaking and prompt injection attacks.

Security 173
article thumbnail

New Phishing Kit Uses Voice Call Generator to Impersonate Spanish Banks

KnowBe4

A new cybercriminal group is selling “a sophisticated AI-powered phishing-as-a-service platform” that targets 36 Spanish banks, according to researchers at Group-IB.

Phishing 125
article thumbnail

How Cribl Lake Transformed IT and Security Data Management

Data Breach Today

CEO Clint Sharp on Launching a Turnkey Data Lake Offering, AI Copilot Integration Cribl CEO Clint Sharp introduces Cribl Lake, a turnkey data lake solution that addresses common data storage challenges. Sharp highlights the benefits of seamless integration with Cribl Cloud and the use of AI for enhanced data management and security for IT leaders.

IT 162
article thumbnail

Organizations Prepare for More Evolved AI-Based Cyber Attacks as Deepfakes Become Top Concern

KnowBe4

New data on how the threat of AI in cyber crime is being seen as a growing risk provides insight into how organizations are shifting from reaction to prevention.

Risk 121
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Account Takeover Fraud Declines in Financial Services

Data Breach Today

Tighter Security Controls Help Stop Fraud, But Fake IDs and Web Scraping Are Rising Account takeover fraud in the financial services industry is declining in contrast with other industries such as retail and hospitality. Researchers at Human Security attribute the nearly 50% reduction to one of the basic controls in cybersecurity: multifactor authentication.

article thumbnail

Providing Security Updates to Automobile Software

Schneier on Security

Auto manufacturers are just starting to realize the problems of supporting the software in older models: Today’s phones are able to receive updates six to eight years after their purchase date. Samsung and Google provide Android OS updates and security updates for seven years. Apple halts servicing products seven years after they stop selling them. That might not cut it in the auto world, where the average age of cars on US roads is only going up.

Security 119
article thumbnail

Human Risk and Email Security: New Mimecast CEO's Vision

Data Breach Today

Marc Van Zadelhoff Highlights Email Security Enhancements and International Growth New Mimecast CEO Marc van Zadelhoff talks about the integration of Elevate to manage human risk and the company's strategy for technological innovation. He also details plans for expanding Mimecast's presence in non-English-speaking markets and enhancing channel partnerships.

Risk 130
article thumbnail

CyberheistNews Vol 14 #31 How The Whole World Now Knows About Fake North Korean IT Workers

KnowBe4

CyberheistNews Vol 14 #31 How The Whole World Now Knows About Fake North Korean IT Workers

IT 116
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Threat hunters – A day in the life

OpenText Information Management

Threat hunting is not just a job; it's a commitment to staying one step ahead of cyber adversaries. In this post, we'll dive into the daily life of a threat hunter, highlighting the myriad challenges they face. From technical hurdles to human and communication challenges, the life of a threat hunter is as demanding as it is rewarding. This is the third post in our ongoing “The Rise of the Threat Hunter” blog series.

article thumbnail

GUEST ESSAY: CrowdStrike outage fallout — stricter regulations required to achieve resiliency

The Last Watchdog

What does the recent CrowdStrike outage tell us about the state of digital resiliency? Related: CrowdStrike’s consolation backfires On a resiliency scale of one to 10, most enterprises are at about two. This was clear over the weekend when over 4000 flights were grounded, hospitals had to postpone services, and financial systems went down. The only reason the impact was not broader was luck – not everybody runs CrowdStrike, and not all processes have been digitized.

article thumbnail

CrowdStrike: Lessons on the Importance of Contracts, Insurance and Business Continuity

IT Governance

Mitigating supply chain risk After widespread coverage, the CrowdStrike outage from 19 July 2024 hardly needs an introduction. But as a reminder, here are some key facts about the CrowdStrike incident: CrowdStrike is a publicly listed security company, which provides security software to – among many other large organisations – Microsoft. The primary incident was a breach of integrity and availability , not confidentiality.

Insurance 104
article thumbnail

News Alert: Adaptive Shield to showcase new ITDR platform for SaaS at Black Hat USA

The Last Watchdog

Las Vegas, Nev., July 30, 2024, CyberNewsWire — Amid rising breaches including Snowflake, the platform helps security teams proactively detect and respond to identity-centric threats in business-critical SaaS applications. Adaptive Shield , a leader in SaaS Security, today announced its breakthrough Identity Threat Detection & Response (ITDR) platform for SaaS environments.

Sales 100
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Changing these 5 settings can instantly improve your TV picture quality

Collaboration 2.0

With a bit of patience and experimentation, you can adjust your TV's basic settings for a better viewing experience.

98
article thumbnail

Section 230’s Original Intent Offers Touchstone for Online Safety

Data Matters

As Section 230 of the 1996 Communications Decency Act nears its 30th year since enactment, debate rages on in Congress and in the public as to whether and how it should be changed or perhaps scrapped altogether. The post Section 230’s Original Intent Offers Touchstone for Online Safety appeared first on Data Matters Privacy Blog.

article thumbnail

My new favorite rugged smartwatch is not made by Apple or OnePlus

Collaboration 2.0

Packed with cutting-edge features, enhanced durability, and a sleek design, the Galaxy Watch Ultra sets a new standard for a Wear OS device.

98
article thumbnail

OCI Customers Can Now Externally Manage Encryption Keys from a Cloud-Based Service

Thales Cloud Protection & Licensing

OCI Customers Can Now Externally Manage Encryption Keys from a Cloud-Based Service madhav Tue, 07/30/2024 - 10:20 Oracle stands apart by offering a comprehensive suite of services across all its cloud delivery models, from Oracle Alloy and Dedicated Region Cloud@Customer to its standard Public Cloud service. Regardless of the means of delivery or usage, security, and regulatory compliance are significant hindrances to cloud adoption.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Apple Vision Pro FAQ: Price, features, hands-on insights, and everything you need to know

Collaboration 2.0

Is Apple's spatial computing headset worth the price? Can you try it before buying? ZDNET answers all your burning questions.

IT 98
article thumbnail

Enhance your security with Single Sign-On (SSO) and Multi-Factor Authentication (MFA)

Reltio

As part of our ongoing commitment to providing our customers with the highest level of security, we are excited to share important updates about the steps we are taking to further safeguard your Reltio accounts. We strongly encourage all customers to implement Single Sign-On (SSO), prepare for the upcoming Multi-Factor Authentication (MFA) capabilities, and migrate service users to client credentials.

article thumbnail

The square-shaped robot vacuum that kept my floors free of muddy paw prints this summer

Collaboration 2.0

The Ecovacs Deebot X2 Omni is a jack-of-all-trades robot vacuum mop with a unique square form that sets it apart from the competition.

IT 98