Thu.Apr 11, 2024

article thumbnail

Why CISA is Warning CISOs About a Breach at Sisense

Krebs on Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense , whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard. CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening.

article thumbnail

Breach Roundup: Sisense Supply Chain Attack

Data Breach Today

Also: A Romanian Botnet and Alcohol Counselor Monument Settles with US FTC Over Ads This week, Sisense supply chain attack, a likely Romanian botnet, Patch Tuesday, an Apple spyware warning and AT&T notifies customers of breach. Alcohol counselor Monument shared data with Meta, a breach of Home Depot employee data, a breach at Targus and a threat actor targeted Moroccan activists.

208
208
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Information Governance: It’s What you Retain that Matters

AIIM

It’s funny how corporate leaders get serious about information governance right after their company has been hit with a lawsuit or regulatory action. OK, it’s not funny at all. But that’s usually when many executives decide it's time to implement information governance and in particular, document retention. We’re here to advise you to not put off having a defensible retention p rogram in place long before any legal action occur s.

article thumbnail

Raspberry Robin Morphs, Now Spreads via Windows Script Files

Data Breach Today

Malware Platform Operators Taket Steps to Obfuscate Code Threat actors behind malware distribution platform Raspberry Robin worm have shifted tactics to make the malware harder to detect and for researchers to analyze. Hackers deploying Raspberry Robin - often a precursor to a ransomware attack - now use Windows Script Files.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

DuckDuckGo Is Taking Its Privacy Fight to Data Brokers

WIRED Threat Level

Privacy-focused company DuckDuckGo is launching a tool to remove data from people-search websites, a VPN, and an identity theft restoration service.

Privacy 145

More Trending

article thumbnail

Palo Alto Networks fixed multiple DoS bugs in its firewalls

Security Affairs

Palo Alto Networks fixed several vulnerabilities in its PAN-OS operating system, including 3 issues that can trigger a DoS condition on its firewalls. Palo Alto Networks released security updates to address several high-severity vulnerabilities in its PAN-OS operating system. The company fixed the following DoS vulnerabilities: CVE-2024-3385 – The company reported that a packet processing mechanism in Palo Alto Networks PAN-OS software allows a remote attacker to reboot hardware-based fire

IT 141
article thumbnail

CISA Warns Russian Microsoft Hackers Targeted Federal Emails

Data Breach Today

US Cyber Defense Agency Instructs Agencies to Fortify Systems Amid Microsoft Breach The U.S. Cybersecurity and Infrastructure Security Agency publicly released an emergency directive Thursday requiring impacted federal agencies to take immediate remediation measures amid continued fallout from the Russian state-sponsored hacking of Microsoft that began in late November.

article thumbnail

Microsoft fixed two zero-day bugs exploited in malware attacks

Security Affairs

Microsoft addressed two zero-day vulnerabilities (CVE-2024-29988 and CVE-2024-26234) actively exploited by threat actors to deliver malware Microsoft addressed two zero-day vulnerabilities, tracked as CVE-2024-29988 and CVE-2024-26234, that threat actors are exploiting to deliver malware. Microsoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products.

Marketing 141
article thumbnail

Change Healthcare Attack 'Devastating' to Doc Practices

Data Breach Today

AMA Survey Finds 80% of Practices Lost Revenue From Unpaid Claims The IT services disruptions resulting from the Change Healthcare cyberattack is continuing to have a "devastating" effect on physician practices, threatening the financial viability of many and posing serious implications to patient care, said the American Medical Association in a new study.

IT 173
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Backdoor in XZ Utils That Almost Happened

Schneier on Security

Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the story of the attack and its discovery : The security of the global internet depends on countless obscure pieces of software written and maintained by even more obscure unpaid, distractible, and sometimes vulnerable volunteers.

Libraries 141
article thumbnail

Zscaler Buys Airgap Networks to Fuel Segmentation in IoT, OT

Data Breach Today

Deal Will Thwart Lateral Movement of Malicious Traffic Inside of Corporate Networks Zscaler purchased an agentless segmentation startup founded by longtime Juniper Networks executives to dynamically control access to critical infrastructure based on identity and context. Acquiring Airgap Networks will prevent sophisticated threats from moving laterally within IoT or OT devices.

IoT 162
article thumbnail

US CISA published an alert on the Sisense data breach

Security Affairs

Business intelligence software company Sisense suffered a cyberattack that may have exposed sensitive information of major enterprises worldwide. Sisense, a business intelligence software company, experienced a cyberattack potentially exposing the sensitive data of global enterprises. The list of the company’s customers includes Nasdaq, Philips Healthcare, Verizon, and many others.

article thumbnail

FBI Calls for Increased Funding to Counter Cyber Threats

Data Breach Today

FBI Director Chris Wray Warns U.S. Falling Behind to Adversaries in Cyberspace FBI Director Christopher Wray told a congressional panel Thursday the United States faces a wide range of "escalated" digital threats, including sophisticated cyberattacks and emerging risks to networks and critical infrastructure. The FBI took over 1,000 actions against cyber adversaries in 2023.

Risk 162
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Apple warns of mercenary spyware attacks on iPhone users in 92 countries

Security Affairs

Apple is warning iPhone users in over 90 countries of targeted mercenary spyware attacks, Reuters agency reported. Apple is alerting iPhone users in 92 countries about mercenary spyware attacks, reported Reuters. Reuters only mentioned India as one of the countries where users were targeted by the attacks. According to a threat notification email sent to targeted users, the IT giant detected attempts to “remotely compromise the iPhone.” The company did not attribute the targeted atta

MDM 137
article thumbnail

Cryptohack Roundup: Google Sues Alleged Crypto App Crooks

Data Breach Today

Also: Terraform Labs Liable in US Court for Civil Fraud This week, Google sued alleged crypto fraudsters, Mango Markets exploiter's trial began, Do Kwon and Terraform Labs are liable for civil fraud, Taiwanese prosecutors indicted ACE Exchange's co-founder, Wormhole nearly gave $40,000 to hackers and a Binance executive pleaded not guilty in Nigeria.

Marketing 162
article thumbnail

CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following D-Link multiple NAS devices flaws to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-3272 D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability CVE-2024-3273 D-Link Multiple NAS Devices Command Injection Vulnerability The flaw CVE-202

IT 137
article thumbnail

Top Tax Scams of 2024 Your Organization Should Watch Out For

KnowBe4

As the April 15, 2024 filing deadline approaches, tax scam artists are working overtime to take advantage of rushed or stressed taxpayers.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

News alert: NTT all photonics network connects data centers in U.S., U.K. at very low latency

The Last Watchdog

San Francisco and Tokyo, Apr. 11, 2024 – At Upgrade 2024 , NTT Corporation (NTT) and NTT DATA announced the successful demonstration of All-Photonics Network (APN) -driven hyper low-latency connections between data centers in the United States and United Kingdom. In the U.K., NTT connected data centers north and east of London via NTT’s Innovative Optical Wireless Network (IOWN) APN, and communication between them was realized with a round-trip delay of less than 1 millisecond.

article thumbnail

Water Facilities Compromised By Iranian Threat Actors

KnowBe4

In December 2023, a joint alert was issued by the FBI, CISA, NSA, EPA, and INCD regarding Iranian cyber actors known as "CyberAv3ngers" linked to Iran's Islamic Revolutionary Guard Corps (IRGC).

article thumbnail

News alert: Simbian launches with $10M to build autonomous, GenAI-powered security platform

The Last Watchdog

Mountain View, Calif. – April 11, 2024 – Simbian today emerged from stealth mode with oversubscribed $10M seed funding to deliver on fully autonomous security. As a first step towards that goal, the company is introducing the industry’s first GenAI-powered security co-pilot that integrates secure and intelligent AI solutions into diverse IT environments to maximize coverage and expedite resolutions to security teams’ ever-changing needs.

Security 100
article thumbnail

Malvertising Campaigns Surged in 2023

KnowBe4

Researchers at BlueVoyant observed a 50% increase in large-scale malvertising campaigns in 2023 compared to 2022.

Phishing 120
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Chambers 2024 Global Practice Guides for Data Protection & Privacy and Cybersecurity

Data Matters

The newest editions of the Chambers Global Practice Guides have been published and, once again, Sidley lawyers have contributed to two guides: Data Protection & Privacy 2024 and Cybersecurity 2024. These publications cover important developments across the globe and offer insightful legal commentary for businesses on issues related to data privacy and cybersecurity, such as regulatory enforcement and litigation, global cooperation to combat cybercrime, international agreement on ‘Softw

Privacy 88
article thumbnail

Yesterday, in DC, I was given the Holland on the Hill Freddy Heineken Award

KnowBe4

The Holland on the Hill Freddy Heineken Award honors an entrepreneur who has made a substantial and positive contribution to the US-Dutch economic relationship, exemplifying the best of both worlds.

113
113
article thumbnail

IBM researchers to publish FHE challenges on the FHERMA platform

IBM Big Data Hub

To foster innovation in fully homomorphic encryption (FHE), IBM® researchers have begun publishing challenges on the FHERMA platform for FHE challenges launched in late 2023 by the Fair Math and the OpenFHE community. FHE: A new frontier in technology Fully homomorphic encryption is a groundbreaking technology with immense potential. One of its notable applications lies in enhancing medical AI models.

article thumbnail

New Draft US Privacy Act Bill Includes Record and Data Retention

IG Guru

(4) RETENTION SCHEDULE.—Developing, maintaining, and adhering to a retention schedule for covered data disposal consistent with the practices and procedures required in paragraph (3). Read the draft bill here. The post New Draft US Privacy Act Bill Includes Record and Data Retention first appeared on IG GURU.

Privacy 71
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

AI governance is rapidly evolving — Here’s how government agencies must prepare

IBM Big Data Hub

The global AI governance landscape is complex and rapidly evolving. Key themes and concerns are emerging, however government agencies must get ahead of the game by evaluating their agency-specific priorities and processes. Compliance with official policies through auditing tools and other measures is merely the final step. The groundwork for effectively operationalizing governance is human-centered, and includes securing funded mandates, identifying accountable leaders, developing agency-wide AI

article thumbnail

Which Digital Travel Credential Is Right for My Country?

HID Global

Learn the nuances of the different digital travel credential (DTC) types so you can determine which one is ideal for your country.

52
article thumbnail

European instant payments in harmony: Traditional wisdom meets innovative thinking

IBM Big Data Hub

Customers are increasingly accustomed to instant payments through various mobile offerings, and there is a similar “instant” expectation for non-mobile payments that’s causing customers and legislators to put pressure on organizations to modernize the payments ecosystem. One of the biggest challenges these organizations face is evolving regulations related to payments.

Cloud 58