Wed.Aug 14, 2024

article thumbnail

Suspected Ransom Cartel Operator Extradited to the US

Data Breach Today

Maksim Silnikau, aka 'J.P.Morgan,' Charged in New Jersey and Virginia Federal Court A pioneer of the ransomware-as-a-service model appeared in U.S. federal court Tuesday where he faces a slew of charges stemming from a nearly two-decade online career. Poland extradited Maksim Silnikau to the United States on Friday; authorities arrested him in a Spanish seaside town in 2023.

article thumbnail

Want to Win a Bike Race? Hack Your Rival’s Wireless Shifters

WIRED Threat Level

Researchers have discovered a way that would allow anyone with a few hundred dollars to hack into a wireless gear-shifting systems used by the top cycling teams for events like the Tour de France.

Security 145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Iran Still Attempting to Hack US Elections: Google

Data Breach Today

Computing Giant Says APT42 Behind 'Small But Steady Cadence' of Phishing Emails Iranian nation-state hackers are continuing a campaign to infiltrate the U.S. presidential election by penetrating the email inboxes of campaign and election officials, Google said Wednesday. The Iranian cyberespionage group tracked as APT42 started "a small but steady cadence" of phishing emails.

Phishing 162
article thumbnail

Microsoft Patch Tuesday security updates for August 2024 addressed six actively exploited bugs

Security Affairs

Microsoft’s August 2024 Patch Tuesday addressed 90 vulnerabilities, including six that are actively exploited. Patch Tuesday security updates for August 2024 addressed 90 vulnerabilities in Microsoft products including Windows and Windows Components; Office and Office Components; NET and Visual Studio; Azure; Co-Pilot; Microsoft Dynamics; Teams; and Secure Boot and others, bringing the total to 102 when including third-party bugs.

Security 143
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

US NIST Formalizes 3 Post-Quantum Algorithms

Data Breach Today

Agency Also Formalizes 2 Digital Signature Standards; 1 More to Come Later in Year The National Institute of Standards and Technology, a global trendsetter for cryptographic standards, announced the publication of a post-quantum standard for general encryption and two digital signature standards. The agency solicited proposals in December 2016 and selected the algorithms in 2022.

More Trending

article thumbnail

Idaho-Based Medical Center Says 464,000 Affected by Attack

Data Breach Today

Ransomware Gang ThreeAM Claims It Leaked 22 Gbytes of Kootenai Health's Stolen Data An Idaho-based medical center is notifying about 464,000 patients and employees that their sensitive information was potentially compromised in an attack detected in March. Ransomware group ThreeAM claims to have leaked on its dark web site 22-Gbytes of Kootenai Health's stolen data.

article thumbnail

A Single Iranian Hacker Group Targeted Both Presidential Campaigns, Google Says

WIRED Threat Level

APT42, which is believed to work for Iran’s Revolutionary Guard Corps, targeted about a dozen people associated with both Trump’s and Biden’s campaigns this spring, according to Google’s Threat Analysis Group.

Security 136
article thumbnail

Kootenai Health data breach impacted 464,000 patients

Security Affairs

Kootenai Health suffered a data breach impacting over 464,000 patients following a 3AM ransomware attack. Kootenai Health disclosed a data breach impacting over 464,088 patients following the leak of their personal information by the ThreeAM (3AM) ransomware gang. Kootenai Health is a healthcare organization based in Coeur d’Alene, Idaho. It is a regional medical center that provides a wide range of medical services, including emergency care, surgical services, cancer care, and specialized

article thumbnail

Mimecast Acquires Aware to Advance Collaboration Security

Data Breach Today

Insights Bolster Human Risk Strategy, Target Insider Threat and Compliance Issues Mimecast's acquisition of Aware bolsters its human risk management by adding AI and natural language processing capabilities for collaboration tools. The deal enhances security across communication platforms, addressing insider threats and compliance issues while boosting Mimecast's market presence.

Security 130
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

China-linked APT Earth Baku targets Europe, the Middle East, and Africa

Security Affairs

China-linked threat actor Earth Baku expanded its operations in Europe, the Middle East, and Africa starting in late 2022. China-linked APT group Earth Baku (a threat actor associated with APT41 ) has expanded its operations beyond the Indo-Pacific region to Europe, the Middle East, and Africa. Trend Micro researchers observed the APT targeting countries like Italy, Germany, UAE, and Qatar, and the group is suspected to have targeted also entities in Georgia and Romania.

article thumbnail

3 State AGs Fine Biotech Firm $4.5M for 2023 Hack

Data Breach Today

Investigators Highlight Enzo Biochem's Failure to Fix Known Security Risks New York-based biotechnology firm Enzo Biochem will pay $4.5 million in state fines and must implement a list of security improvements, thanks to a 2023 ransomware attack that affected 2.4 million patients nationwide. Investigators highlighted the company's failure to fix known security risks.

article thumbnail

Your Gym Locker May Be Hackable

WIRED Threat Level

Security researchers say they’ve extracted digital management keys from select electronic lockers and revealed how they could be cloned.

Security 126
article thumbnail

AI/ML's Role in Cybersecurity: Balancing Innovation, Safety

Data Breach Today

Trail of Bits' Michael Brown on the Intersection of AI/ML and Cybersecurity Threats Trail of Bits' Michael Brown explores the dual challenges of applying AI and ML to cybersecurity and securing these evolving technologies themselves. He discusses the complementary nature of traditional and AI/ML-based approaches and highlights the pressing need for secure development life cycles.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Real Social Engineering Attack on KnowBe4 Employee Foiled

KnowBe4

DavidB, the KnowBe4 VP of Asia Pacific and Japan, recently experienced a sophisticated social engineering attack via WhatsApp.

124
124
article thumbnail

Navigating AI-Based Data Security Risks in Microsoft Copilot

Data Breach Today

Zenity's Michael Bargury on AI Prompt Injection and Copilot Security Flaws AI-powered tools such as Microsoft Copilot can be manipulated by attackers to access sensitive data and perform unauthorized actions, says Michael Bargury, co-founder and CTO of Zenity. Enterprises must address these new security challenges when adopting AI technologies.

Risk 130
article thumbnail

Texas Sues GM for Collecting Driving Data without Consent

Schneier on Security

Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies: From CNN : In car models from 2015 and later, the Detroit-based car manufacturer allegedly used technology to “collect, record, analyze, and transmit highly detailed driving data about each time a driver used their vehicle,” according to the AG’s statement.

Insurance 119
article thumbnail

Is China's Threat to US Critical Infrastructure Overblown?

Data Breach Today

Scythe CEO Bryson Bort on Why US Concerns About Chinese Attacks May Be Misplaced As concerns grow about China's cyberthreat to U.S. critical infrastructure, Scythe founder and CEO Bryson Bort suggests the actual risk may not be as severe as feared. He explains the factors that might limit China's cyber activities and the real strategic vulnerabilities that could be targeted.

Risk 130
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Microsoft Discovers Critical OpenVPN Vulnerabilities

eSecurity Planet

OpenVPN has long been a popular choice for creating secure point-to-point or site-to-site connections over the internet. Its open-source nature and robust encryption capabilities have made it a staple in many organizations’ and individuals’ security arsenals. However, a recent discovery by Microsoft researchers has unveiled a critical flaw in this widely trusted software.

Access 112
article thumbnail

'Her,' in Real Life?

Data Breach Today

OpenAI Evaluates GPT-4o's Capabilities, Risks in Scorecard Report The widespread use of generative artificial intelligence has brought on a case of real life imitating art: Humans have begun to bond with their AI chatbots. Such anthropomorphism - treating an object as a person - is not a total surprise, especially for companies developing AI models.

article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through 26, 2024, and my keynote is on the 24th. The list is maintained on this page.

105
105
article thumbnail

The Upside-Down, Topsy-Turvy World of Ransomware

Data Breach Today

Crowded Leak Site May Be a Weakness and Fewer New Players a Sign of Higher Quality How many ransomware victims pay their attackers a ransom precisely to avoid having their names listed - or their stolen data dumped - on a ransomware group's data leak blog? We don't know, but leak site posts doesn't correlate well with telemetry data.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

DORA – ESAs Publish Draft Technical Standards on ICT Subcontracting

Data Matters

On 26 July 2024, the European Supervisory Authorities (EBA, EIOPA and ESMA, collectively, the “ESAs”) published their joint final report on the draft Regulatory Technical Standards (“RTS”) specifying the elements that a financial entity should determine and assess when subcontracting ICT services supporting critical or important functions under Article 30(5) of the Digital Operational Resilience Act (“DORA”).

article thumbnail

Why SEC, SolarWinds Eye Settlement Talks in Cyber Fraud Case

Data Breach Today

SEC 'Proposed Specific Settlement Terms' But Defense Unlikely to Accept, Judge Told Federal regulators and SolarWinds are eyeing a truce weeks after a judge dismissed most claims related to misleading investors about the company's security practices and risks. SEC lawyer Christopher Bruckmann said his team "proposed specific settlement terms," but the defense is unlikely to accept.

Risk 113
article thumbnail

AI risks are everywhere - and now MIT is adding them all to one database

Collaboration 2.0

Researchers created the AI Risk Repository to consolidate data. One of their findings? Misinformation is the least-addressed AI threat.

Risk 98
article thumbnail

Cybersecurity Consulting: Is It the Right Career for You?

Data Breach Today

Explore the Wide Range of Categories and Services and What It Takes to Do the Job Cybersecurity consulting encompasses a wide array of services and specialties, ranging from high-level strategic guidance to hands-on technical support. Discover the categories and learn how to position yourself as a trusted expert in the cybersecurity consulting field.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

These impressive bone conduction headphones offer 3 important safety features

Collaboration 2.0

The Suunto Wing headphones sound amazing while allowing you to be fully aware of your surroundings.

98
article thumbnail

Transform the Defender’s Dilemma into the Defender’s Advantage

Lenny Zeltser

The notion that cybersecurity defenders are at an inherent disadvantage—the so-called defender's dilemma—is incorrect and counterproductive. Instead of focusing solely on how we respond to attackers’ tactics, we can identify and use the advantages inherent in our position as defenders. This article explains what a defender-oriented mindset entails and how it can help you strengthen your security program.

article thumbnail

I switched to a $150 Motorola phone for two weeks, and it was a pleasant surprise

Collaboration 2.0

Motorola's latest Moto G Play 2024 looks and feels great, with an enjoyable software experience for most people's needs.

IT 98