Wed.Feb 28, 2024

article thumbnail

Calendar Meeting Links Used to Spread Mac Malware

Krebs on Security

Malicious hackers are targeting people in the cryptocurrency space in attacks that start with a link added to the target’s calendar at Calendly , a popular application for scheduling appointments and meetings. The attackers impersonate established cryptocurrency investors and ask to schedule a video conference call. But clicking the meeting link provided by the scammers prompts the user to run a script that quietly installs malware on macOS systems.

Phishing 294
article thumbnail

Chinese Group Runs Highly Persistent Ivanti 0-Day Exploits

Data Breach Today

UNC5325 Can Remain in Hacked Devices Despite Factory Reset and Patches Chinese threat actors are continuing to persist after exploiting the recent Ivanti Connect Secure VPN vulnerability even after factory resets, system upgrades and patches. The threat actor, UNC5325, is adept at "living off the land" techniques, warned threat intelligence firm Mandiant.

Security 301
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Unmasking 2024’s Email Security Landscape

Security Affairs

Analyzing the Email Security Landscape and exploring Emerging Threats and Trends. In the ever-shifting digital arena, staying ahead of evolving threat trends is paramount for organizations aiming to safeguard their assets. Amidst this dynamic landscape, email stands as a primary battleground for cyber defense. VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cy

Security 138
article thumbnail

Biden Executive Order Targets Bulk Data Transfers to China

Data Breach Today

New Order Tasks Department of Justice With Developing Data Transfer Protections U.S. President Joe Biden is set to sign Wednesday an executive order aimed at preventing the large-scale transfer of Americans' sensitive personal data to countries including China. The order will set off a rule-making process spearheaded by the Department of Justice.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

FBI, CISA, HHS warn of targeted ALPHV/Blackcat ransomware attacks against the healthcare sector

Security Affairs

The FBI, CISA, and the Department of HHS warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks. A cybersecurity alert published by the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted attacks conducted by ALPHV/Blackcat ransomware attacks. The US agencies released a report containing IOCs and TTPs associated with the ALPHV Blackcat RaaS operation identified through law enforcement investigations conduct

More Trending

article thumbnail

Russia-linked APT28 compromised Ubiquiti EdgeRouters to facilitate cyber operations

Security Affairs

Russian cyberspies are compromising Ubiquiti EdgeRouters to evade detection, warns a joint advisory published by authorities. The Federal Bureau of Investigation (FBI), National Security Agency (NSA), US Cyber Command, and international partners released a joint Cybersecurity Advisory (CSA) to warn that Russia-linked threat actors are using compromised Ubiquiti EdgeRouters (EdgeRouters) to evade detection in cyber operations worldwide.

article thumbnail

What EU Antitrust Probe Around Entra ID Means for Microsoft

Data Breach Today

Rivals Say Microsoft Restricts Competition Around Identity. Will Regulators Agree? Microsoft once again finds itself in the crosshairs of antitrust regulators, this time for practices around its Entra ID identity management tool. The European Commission is probing whether Microsoft prevents customers from buying security software that competes with its own, The Information said.

Security 275
article thumbnail

Pharmaceutical giant Cencora discloses a data breach

Security Affairs

Pharmaceutical giant Cencora suffered a cyber attack and threat actors stole data from its infrastructure. Pharmaceutical giant Cencora disclosed a data breach after it was the victim of a cyberattack. Cencora, Inc. , formerly known as AmerisourceBergen, is an American drug wholesale company and a contract research organization that was formed by the merger of Bergen Brunswig and AmeriSource in 2001.

article thumbnail

Down, Not Out: Russian Hacktivists Claiming DDoS Disruptions

Data Breach Today

Distributed Denial-of-Service Attacks Decline as Russia-Ukraine War Continues Russia's war of conquest against Ukraine grinds onward, but the number of self-proclaimed hacktivists appears to be dwindling as the strategy of temporarily disrupting the availability of high-profile websites has failed to sustain enthusiasm. Groups such as KillNet are still mostly a nuisance.

281
281
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Game-Changer: Biometric-Stealing Malware

KnowBe4

I have been working in cybersecurity for a long time, since 1987, over 35 years. And, surprisingly to many readers/observers, I often say I have not seen anything new in the hacker/malware space since I began. The same threats that were a problem then are the same problems now.

article thumbnail

Banks Use Behavioral Analytics to Tackle First-Party Fraud

Data Breach Today

BioCatch's Seth Ruden on How Defenders Can Keep Up With Evolving Fraud Scams First-party fraudsters have shifted their focus from credit card fraud to deposit scams. In this evolving threat environment, financial institutions face new challenges from the increased use of synthetic identities and the difficulties in classifying first-party fraud, said BioCatch's Seth Ruden.

Analytics 272
article thumbnail

New Research: Ransomware Incidents Spike 84% in 2023

KnowBe4

Newly-released data covering cyberthreats experienced in 2023 sheds some light on how very different last year was and paints a picture of what to expect of cyber attacks in 2024.

article thumbnail

BlackCat Pounces on Health Sector After Federal Takedown

Data Breach Today

Feds Issue Alert as Change Healthcare Hack Affects Medicare, CVS Caremark, MetLife BlackCat claimed on its dark web site that it is behind the biggest healthcare hack so far the year - exfiltrating 6 terabytes of "highly selective data" relating to "all" Change Healthcare clients, including Tricare, Medicare, CVS Caremark, MetLife and more.

IT 268
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Phishing Campaign Targets Mexican Taxpayers With Tax-Themed Lures

KnowBe4

A phishing campaign is targeting users in Mexico with tax-themed lures, according to researchers at Cisco Talos. The phishing emails direct users to a website that attempts to trick them into downloading a new strain of information-stealing malware called “TimbreStealer.

Phishing 107
article thumbnail

Okta Security Push Pays Dividends Following String of Issues

Data Breach Today

Credential Stuffing Plummets, More Malicious Requests Detected Amid Huge Investment Okta's 90-day push to improve its security architecture and operations following a crippling October 2023 data breach delivered quick results, CEO Todd McKinnon said. Okta over the past quarter reduced credential stuffing attempts and malicious bot traffic for its largest customers by more than 90%.

Security 258
article thumbnail

4 smart technologies modernizing sourcing strategy

IBM Big Data Hub

Sourcing is getting smarter. To start, many organizations have already pivoted from a tactical to a strategic sourcing mindset—which can make all the difference when it comes to gaining and retaining a competitive advantage. Why? Because organizations with strategic sourcing mindsets look beyond price and cost savings-centered supplier selection initiatives.

article thumbnail

When Threat Actors Don’t Have a Viable Email Platform to Phish From, They Just Steal Yours

KnowBe4

New analysis of a phishing campaign shows how cybercriminals use brand impersonation of the platforms they need to compromise accounts and takeover legitimate services.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

What is managed DNS, anyway?

IBM Big Data Hub

Managed DNS is where a third-party hosts and optimizes your DNS resolution architecture to provide the fastest, most secure, most reliable experience. Perhaps the easiest way to explain it is by looking at the opposite scenario: what if you don’t have a managed DNS service in place? Every query in the Domain Name System (DNS) follows the same logic to resolve IP addresses.

article thumbnail

Credential Theft Is Mostly Due To Phishing

KnowBe4

According to IBM X-Force’s latest Threat Intelligence Index , 30% of all cyber incidents in 2023 involved abuse of valid credentials. X-Force’s report stated that abuse of valid credentials exceeded phishing as a top threat for the first time.

article thumbnail

The difference between ALIAS and CNAME and when to use them

IBM Big Data Hub

The chief difference between a CNAME record and an ALIAS record is not in the result—both point to another DNS record —but in how they resolve the target DNS record when queried. As a result of this difference, one is safe to use at the zone apex (for example, naked domain such as example.com), while the other is not. Let’s start with the CNAME record type.

IT 89
article thumbnail

ICO Orders Companies to Cease Using Facial Recognition Technology and Fingerprint Scanning to Monitor Attendance

Hunton Privacy

On February 23, 2024, the UK Information Commissioner’s Office (the “ICO”) reported that it had ordered public service providers Serco Leisure, Serco Jersey and associated community leisure trusts (jointly, “the Companies”) to stop using facial recognition technology (“FRT”) and fingerprint scanning (“FS”) to monitor employee attendance. According to the ICO, the Companies, who process biometric data as controllers or joint controllers in 38 leisure facilities, failed to demonstrate the necessit

IT 74
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Exceptional patient experiences start with smarter data

OpenText Information Management

HIPAA taught us important lessons on how we interact with healthcare data, but it was a global pandemic that forced us to collectively go to data grad school. Understanding where data lives and how we interact with this massive amount of information helps to unlock quality of care, interoperability between disparate systems and mitigate downstream … The post Exceptional patient experiences start with smarter data appeared first on OpenText Blogs.

article thumbnail

CIPL Publishes The Zero Risk Fallacy Paper

Hunton Privacy

On February 20, 2024, The Centre for Information Policy Leadership at Hunton Andrews Kurth LLP (“CIPL”) and Theodore Christakis, Professor of International, European and Digital Law at University Grenoble Alpes, released a comprehensive study titled The “Zero Risk” Fallacy: International Data Transfers, Foreign Governments’ Access to Data and the Need for a Risk-Based Approach.

Paper 67
article thumbnail

Erwin Data Intelligence: A Data Partner’s Perspective

erwin

At Sparkle, we’re a holistic data partner helping organizations increase their data maturity in a strategic yet pragmatic way. One of the key ingredients to ensure data is really embedded in an organization, and one of the key enablers to increase the strategic impact of data, is the setup of a successful data governance program. While the essence of success in data governance is people and not technology, having the right tools at your fingertips is crucial.

article thumbnail

The view from the Edge has never been better

Collibra

The Collibra Data Intelligence Platform delivers trusted data for every user, every use case and across every source. But building a platform that has flexibility to work across these different customer environments is hard. This is where the Collibra Edge component comes in. Its role is to bridge the customer’s data sources in a secure and performant manner to provide rich functionality for the Collibra Data Intelligence Platform.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

The Path to Passwordless Authentication: PKI vs. FIDO

HID Global

Both PKI and FIDO authenticators eliminate the need for passwords and offer a seamless experience for end users by using asymmetric encryption.

article thumbnail

Waymo’s self-driving cars keep hitting things, including a cyclist, a gate and a pickup via Ottawa Citizen

IG Guru

Check out the story here. The post Waymo’s self-driving cars keep hitting things, including a cyclist, a gate and a pickup via Ottawa Citizen first appeared on IG GURU.

article thumbnail

Copilot for Microsoft 365…Are You Ready?

Daymark

Over the past few months, Microsoft has slowly rolled out Copilot for Microsoft 365 through their many channels, making it available to all customers. As I mentioned in my last blog, "Copilot for Microsoft 365 – What You Need to Know," there are still some prerequisites for purchasing, including a minimum term of 1 year, however, the minimum purchase quantity of 300, which was a limiting factor for most, has been eliminated.