Fri.Feb 09, 2024

article thumbnail

Juniper Support Portal Exposed Customer Device Info

Krebs on Security

Until earlier this week, the support website for networking equipment vendor Juniper Networks was exposing potentially sensitive information tied to customer products, including which devices customers bought, as well as each product’s warranty status, service contracts and serial numbers. Juniper said it has since fixed the problem, and that the inadvertent data exposure stemmed from a recent upgrade to its support portal.

article thumbnail

Internet-Exposed Water PLCs Are Easy Targets for Iran

Data Breach Today

Researchers Find Unprotected Unitronics Devices Here's one reason why Iranian state hackers may have been able to target Israeli-made pressure-monitoring controllers used by American water systems: Nearly 150 of the controllers are exposed to the internet - and some still use the default password 1111.

Passwords 306
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Mapping AI Readiness Content at AIIM Conference 2024

AIIM

Artificial Intelligence is a key focus of AIIM's new strategy , which the AIIM Board of Directors debuted in January 2024. So it's only fitting that AI take the lead at the AIIM Conference 2024 in San Antonio, Texas, April 3-5.

article thumbnail

As Elections Loom, So Do Adversaries' Influence Operations

Data Breach Today

US, UK, South Korea and India Most Targeted for Election Interference, Experts Warn With over 1 billion people across more than 50 countries - including the U.S., the U.K. and India - due to hold elections this year, one open question remains: How can nations combat adversaries who attempt to influence elections or otherwise interfere via physical, cyber or operational means?

297
297
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Black Basta ransomware gang hacked Hyundai Motor Europe

Security Affairs

Black Basta ransomware gang claims the hack of the car maker Hyundai Motor Europe and the theft of three terabytes of their data. BleepingComputer reported that the Car maker Hyundai Motor Europe was breached by the Black Basta ransomware gang. The threat actors claim to have stolen three terabytes of data from the company. In January the company experienced IT issues, the outage was likely caused by the ransomware attack, but the company did not disclose it.

More Trending

article thumbnail

Exploiting a vulnerable Minifilter Driver to create a process killer

Security Affairs

Researcher demonstrated how to exploit a signed Minifilter Driver in a BYOVD attack to terminate a specific process from the kernel. Exploiting a signed Minifilter Driver that can be used to used the BYOVD attack technique to a program able to terminate a specific process from the kernel. Exploiting a vulnerable Minifilter Driver to create a process killer Bring Your Own Vulnerable Driver (BYOVD) is a technique that uses a vulnerable driver in order to achieve a specific goal.

article thumbnail

HHS Rule Aligns Substance Disorder Privacy Regs With HIPAA

Data Breach Today

Final Rule for 42 CFR Part 2 Changes Aims to Improve Patient Care Coordination The Department of Health and Human Services has finalized regulations to better align federal requirements for the confidentiality of substance use disorder records with privacy protections afforded under HIPAA. The aim is to improve care coordination while enhancing sensitive data protections.

Privacy 278
article thumbnail

Fortinet warns of a new actively exploited RCE flaw in FortiOS SSL VPN

Security Affairs

Fortinet warns that the recently discovered critical remote code execution flaw in FortiOS SSL VPN, tracked CVE-2024-21762, is being actively exploited. Fortinet is warning that the recently discovered critical remote code execution vulnerability in FortiOS SSL VPN, tracked as CVE-2024-21762 (CVSS score 9.6), is actively exploited in attacks in the wild.

Military 138
article thumbnail

Authorities Take Down Seller of Widely Used RAT Malware

Data Breach Today

2 Men Arrested in Malta, Nigeria for Hawking Malware on Hacking Forums Since 2012 Federal authorities have seized internet domains and arrested two men in Malta and Nigeria who they say served as sales and customer service reps for a dark web business that sold RAT malware to cybercriminals over a 12-year period, leading to the "takeover and infection of computers worldwide.

Sales 277
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Ivanti warns of a new auth bypass flaw in its Connect Secure, Policy Secure, and ZTA gateway devices

Security Affairs

Ivanti warns customers of a new authentication bypass vulnerability in its Connect Secure, Policy Secure, and ZTA gateway devices. Ivanti has warned customers of a new high-severity security vulnerability, tracked as CVE-2024-22024 (CVSS score 8.3), in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication.

Security 138
article thumbnail

White House Launches First-Ever AI Safety Consortium

Data Breach Today

The National Group Will Develop Guidelines for AI Safety, Security and Red-Teaming Officials said the Artificial Intelligence Safety Institute Consortium will provide a "critical forum" for the public and private sectors as the federal government aims to use input from more than 200 stakeholders across public society to develop AI safety and security standards.

article thumbnail

2054, Part V: From Tokyo With Love

WIRED Threat Level

“Had this all been contrived? Had his life become a game in which everyone knew the rules but him?” An exclusive excerpt from 2054: A Novel.

Security 124
article thumbnail

ISMG Editors: What CISOs Should Prepare for in 2024

Data Breach Today

Joe Sullivan Also Discusses Identity Management, AI, State of Information Sharing In the latest weekly update, Joe Sullivan, CEO of Ukraine Friends, joins three editors at ISMG to discuss the challenges of being a CISO in 2024, growing threats from disinformation, vulnerabilities in MFA, AI's role in cybersecurity, and the obstacles to public-private information sharing.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Browser-Based Phishing Attacks Increase 198%, With Evasive Attacks Increasing 206%

KnowBe4

A new report shows massive increases in browser attacks in the second half of 2023, with over 31,000 threats specifically designed to bypass security solution detection.

Phishing 124
article thumbnail

New Know-Your-Customer and Reporting Rules Proposed for Cloud Providers: Five Key Takeaways

Data Matters

Last week, the U.S. Department of Commerce published a notice of proposed rulemaking ( NPRM ) implementing Executive Orders (EO) 13984 and 14110 to prevent “foreign malicious cyber actors” from accessing U.S. infrastructure as a service products 1 (IaaS Rule). The IaaS Rule seeks to strengthen the U.S. government’s ability to track “foreign malicious cyber actors” who have relied on U.S.

Cloud 122
article thumbnail

No, Toothbrushes Were Not Used in a Massive DDoS Attack

Schneier on Security

The widely reported story last week that 1.5 million smart toothbrushes were hacked and used in a DDoS attack is false. Near as I can tell, a German reporter talking to someone at Fortinet got it wrong , and then everyone else ran with it without reading the German text. It was a hypothetical, which Fortinet eventually confirmed. Or maybe it was a stock-price hack.

IT 119
article thumbnail

What Is a Next-Generation Firewall?

eSecurity Planet

A next generation firewall (NGFW) performs deep packet inspection to check the contents of the data flowing through the firewall. Unlike more basic firewalls that only check the header of data packets, NGFWs examine and evaluate the payload data within the packet. This deep packet inspection provides the basis for the various NGFW features that improve malware blocking.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Your CVSS Questions Answered

IT Governance

What the Common Vulnerability Scoring System is, how to use it, limitations and alternatives, and key changes in CVSS v4.0 Our senior penetration tester Leon Teale has more than ten years’ experience performing penetration tests for clients in various industries all over the world. In addition, he’s won hackathon events in the UK and internationally, and is accredited for multiple bug bounties.

IoT 107
article thumbnail

Calculating Materiality for SEC Rule 1.05

KnowBe4

The U.S. Securities and Exchange Commission (SEC), through a new requirement of Item 1.05 of the 8-K, requires that all regulated companies report significant cybersecurity breaches within four business days of determining that the incident was “material”.

article thumbnail

Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware via the Hacker News

IG Guru

Check out the story here. The post Patchwork Using Romance Scam Lures to Infect Android Devices with VajraSpy Malware via the Hacker News first appeared on IG GURU.

article thumbnail

CNIL Publishes 2024 Investigation Focus Plan

Hunton Privacy

On February 8, 2024, the French Data Protection Authority (the “CNIL”) announced the priority topics for its inspections in 2024. In 2024, the CNIL will focus its investigations on the following priority topics: Data Collection for the Olympic and Paralympic Games. As millions of individuals are expected to travel to France for the Olympic and Paralympic Games this year, the CNIL will focus on verifying the measures that are deployed for security purposes ( e.g. , the use of QR codes for restr

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Google’s On The Field Now. Is It Being Too Cautious?

John Battelle's Searchblog

Google’s Gemini launch. As hype escalated around the debut of ChatGPT more than a year ago, I predicted that OpenAI and Microsoft would rapidly develop consumer subscription service models for their nascent businesses. Later that year I wrote a piece speculating that Google would inevitably follow suit. If Google was smart, and careful, it had a chance to become “ the world’s largest subscription service.” From that piece: Google can’t afford to fall behind as its closest

IT 59
article thumbnail

What’s Next in Children’s Privacy: An Update on the FTC’s Proposed Changes to the COPPA Rule

Hunton Privacy

Hunton Andrews Kurth is hosting a webinar discussing the Federal Trade Commission’s proposed revisions to the Children’s Online Privacy Protection Rule ( i.e. , the COPPA Rule) on February 20, 2024, at 12:00 p.m. (ET). Hunton partners Phyllis Marcus and Lisa Sotto will discuss the FTC’s recent proposal to strengthen federal protections for children’s privacy and the implications of the new changes, if enacted, for organizations.

Privacy 67
article thumbnail

Acumatica Unveils New Features, Celebrates Customers at Annual Summit

Information Matters

Cloud ERP provider Acumatica showcased new capabilities and celebrated customer growth at its annual summit this week. The event highlighted Acumatica’s focus on customer feedback to drive product development. “Our Read more The post Acumatica Unveils New Features, Celebrates Customers at Annual Summit appeared first on Information Matters - Where AI Meets Knowledge Management.

Cloud 52
article thumbnail

Leadership 4.0: How to be an effective leader in a digitalized world

Docuware

Digitalization has fundamentally changed the leadership role. Authoritarian bosses, micromanagement and hierarchical thinking are a thing of the past. This is because traditional management structures can’t respond quickly to constantly changing market conditions and new customer demands. Instead, today’s leaders are called upon to exercise their emotional intelligence as well as business savvy and coach rather than give orders.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

GenAI Reshaping Europe’s Intelligent Automation Landscape

Information Matters

A new report by Information Services Group (ISG) finds that advancements in generative AI are starting to reshape the European market for intelligent automation, though hype remains high. The ISG Read more The post GenAI Reshaping Europe’s Intelligent Automation Landscape appeared first on Information Matters - Where AI Meets Knowledge Management.

article thumbnail

Friday Squid Blogging: A Penguin Named “Squid”

Schneier on Security

Amusing story about a penguin named “Squid.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.

Security 108
article thumbnail

10 Major Benefits of Cloud-Native Application Development

eSecurity Planet

Cloud-native application development combines organizational and technical changes in the design, build, and deployment of software in the cloud to deliver value faster and improve overall business efficiency. This includes using cloud-native principles, services, architecture, and DevOps processes to build scalable, flexible, and resilient systems.

Cloud 114