Thu.Apr 04, 2024

article thumbnail

Google Fixes Two Pixel Zero-Days Exploited by Forensic Firms

Data Breach Today

Bugs Allowed Device Unlocking and Memory Access Google addressed two zero-day vulnerabilities in Pixel mobile phones that forensic firms exploited to bypass PINs and access stored data on the device. The bugs allowed attackers to unlock and access Pixel's device memory with physical access.

Access 297
article thumbnail

Fake Lawsuit Threat Exposes Privnote Phishing Sites

Krebs on Security

A cybercrook who has been setting up websites that mimic the self-destructing message service privnote.com accidentally exposed the breadth of their operations recently when they threatened to sue a software company. The disclosure revealed a profitable network of phishing sites that behave and look like the real Privnote, except that any messages containing cryptocurrency addresses will be automatically altered to include a different payment address controlled by the scammers.

Phishing 239
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

New Rules for Shipbuilding Focus on IT/OT Cybersecurity

Data Breach Today

New IACS Rules to Secure Onboard Digital Systems, Equipment Go Into Effect July 1 IT and OT security experts say threats to shipping underscore the need for more stringent regulations for passenger, cargo and high-speed vessels by the International Association of Classification Societies. The new IACS cybersecurity and resilience requirements will go into effect July 1.

article thumbnail

Tories planned to make millions from members’ data with ‘True Blue’ app

The Guardian Data Protection

Exclusive: senior party officials worked on commercial venture that would allow brands to sell products to supporters Senior Conservative party officials worked on plans to hand over its entire membership database for a commercial venture that promised to make tens of millions of pounds, the Guardian can reveal. Leaked documents show Tory executives discussed exploiting members’ personal data to build a mobile phone app that could track users’ locations and allow big brands to advertise to Conse

Sales 145
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Microsoft, Okta, CyberArk Lead Workforce Identity Rankings

Data Breach Today

OneLogin Departs Forrester's Leaderboard as User Experience Takes Center Stage Microsoft, Okta and CyberArk remained atop Forrester's workforce identity rankings, while OneLogin tumbled from the leaders' spot. The shift toward digital platforms and growing adoption of cloud services have been pivotal in driving the evolution of workforce identity platforms.

Cloud 273

More Trending

article thumbnail

The US or the UK: Where Should You Get a Cybersecurity Job?

Data Breach Today

Differences in How the United States and United Kingdom Think About Cybersecurity The differences between working in cybersecurity in the U.K. and U.S. are not just a matter of accent or office culture; they are a study in how national security priorities, regulatory environments and cultural attitudes toward privacy and surveillance affect cyber workers' professional lives.

article thumbnail

Surveillance by the New Microsoft Outlook App

Schneier on Security

The ProtonMail people are accusing Microsoft’s new Outlook for Windows app of conducting extensive surveillance on its users. It shares data with advertisers, a lot of data: The window informs users that Microsoft and those 801 third parties use their data for a number of purposes, including to: Store and/or access information on the user’s device Develop and improve products Personalize ads and content Measure ads and content Derive audience insights Obtain precise geolocation data

Access 133
article thumbnail

Remote Desktop Protocol: An Active Adversary Special Report

Data Breach Today

What is RDP, why is it a very nearly ubiquitous finding in incident response, and how can investigators run it to ground when it goes wrong? An Active Adversary Special Report Remote Desktop Protocol (RDP) is commonly abused by ransomware groups. Here are methods on how we can provide context and advice for administrators and responders looking to deal with RDP.

article thumbnail

HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks

Security Affairs

HTTP/2 CONTINUATION Flood: Researchers warn of a new HTTP/2 vulnerability that can be exploited to conduct powerful denial-of-service (DoS) attacks. HTTP messages can contain named fields in both header and trailer sections. CERT/CC experts explained that both header and trailer fields are serialized as field blocks in HTTP/2 to transmit them in multiple fragments to the target implementation.

Libraries 141
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Breach Roundup: Omni Hotels Acknowledges Cyber Incident

Data Breach Today

Also: Insurer Predicts Ransomware for Cars, Offers to Cover Towing Costs This week, Omni, OWASP and MarineMax suffered cyber incidents, Ivanti disclosed flaws, Cisco gave tips to stop password-spraying attacks, a court upheld an FCC ban, India rescued citizens in Cambodia, Americans lost $1.1 billion to impersonation scams, and an insurer introduced a cyber auto policy.

Insurance 236
article thumbnail

Ivanti fixed for 4 new issues in Connect Secure and Policy Secure

Security Affairs

Ivanti addressed four flaws impacting Connect Secure and Policy Secure Gateways that could lead to code execution and denial-of-service (DoS) condition. Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could result in code execution and denial-of-service (DoS). The list of vulnerabilities addressed by the company is reported below: CVE Description CVSS Vector CVE-2024-21894 A heap overflow vulnerability in IPSec componen

Security 128
article thumbnail

Cryptohack Roundup: Thieves Steal Money, Seek Praise

Data Breach Today

Also: A OneCoin Sentencing, Tornado Cash Update, FTX Repayment Plans This week, hackers stole from Prisma Finance and demanded praise, a OneCoin head was sentenced to prison, a Tornado Cash co-founder asked for dismissal of charges, FTX said it will repay customers, Singapore has new digital payment token rules, and the BoE and FCA launched Digital Security Sandbox.

Security 243
article thumbnail

US cancer center City of Hope: data breach impacted 827149 individuals

Security Affairs

US cancer center City of Hope suffered a data breach that impacted 800,000 individuals, personal and health information was compromised. City of Hope is a renowned cancer research and treatment center located in Duarte, California, United States. It is recognized for its comprehensive cancer care, innovative research, and compassionate patient support services.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Google Proposes Method for Stopping Multifactor Runaround

Data Breach Today

Device Bound Session Credentials Tie Authentication Cookies to Specific Computers Google is prototyping a method to stymie hackers who get around multifactor security by stealing authentication cookies from desktops. Google says its proposal for cryptographically tying authentication tokens to computers will succeed where previous attempts such as Token Binding failed.

article thumbnail

An Expert Overview of CISM®

IT Governance

A Springboard to Career Success CISM® (Certified Information Security Manager) is a globally recognised qualification that provides a good understanding of IT security with a management flavour. But with so much in the news about AI, Cloud security and other niche areas of cyber security, it’s easy to overlook the importance of such solid, tried-and-tested qualifications in information security.

article thumbnail

'Many-Shot Jailbreaking' Defeats Gen AI Security Guardrails

Data Breach Today

'Fictitious Dialogue' About Harmful Content Subverts Defenses, Researchers Find After testing safety features built into generative artificial intelligence tools developed by the likes of Anthropic, OpenAI and Google DeepMind, researchers have discovered that a technique called "many-shot jailbreaking" can be used to defeat safety guardrails and obtain prohibited content.

article thumbnail

District Court Finds Communications Decency Act Provides Automotive Device Manufacturer Immunity for Clean Air Act Violations

Data Matters

On March 28, 2024, in US v. EZ Lynk , the U.S. District Court for the Southern District of New York dismissed the Department of Justice’s (DOJ) claim that an automotive device manufacturer violated Section 203 of the Clean Air Act (CAA), holding that Section 230 of the Communications Decency Act (CDA) provided complete immunity from CAA liability for the sale of certain aftermarket automotive devices.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

US State Department Investigating Hacking Claims

Data Breach Today

Notorious Hacker Alleges They Stole Data From National Security Contractor The U.S. Department of State confirmed it’s investigating claims of a cyber incident after a notorious hacker known as IntelBroker posted on a publicly accessible hacking forum that they had leaked data belonging to the federal government and its allies.

article thumbnail

IT Leaders Can’t Stop AI and Deepfake Scams as They Top the List of Most Frequent Attacks

KnowBe4

As if it couldn’t get any worse, new data shows that the attacks IT feels most inadequate to stop are the ones they’re experiencing the most.

IT 113
article thumbnail

How to Hire, Retain and Inspire Exceptional Employees

Data Breach Today

Leading Means Admitting What You Don't Know - And Other Tips for Leaders Being an effective leader involves recognizing and embracing the expertise of others, particularly in areas where your own knowledge is limited. Here are tips on how to attract top talent and retain these exceptional employees by fostering a culture of excellence, innovation and continuous learning.

226
226
article thumbnail

The advantages and disadvantages of private cloud 

IBM Big Data Hub

The popularity of private cloud is growing, primarily driven by the need for greater data security. Across industries like education, retail and government, organizations are choosing private cloud settings to conduct business use cases involving workloads with sensitive information and to comply with data privacy and compliance needs. In a report from Technavio (link resides outside ibm.com), the private cloud services market size is estimated to grow at a CAGR of 26.71% between 2023 and 2028,

Cloud 91
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Phishing Attacks Targeting Political Parties, Germany Warns

Data Breach Today

Escalation of Cyberespionage Likely Tied to Upcoming European Elections German federal agencies warned that phishing attacks targeting political parties surged ahead of upcoming European Union elections. The government did not attribute the attacks to a specific country but confirmed that they are tied to a nation-state group.

Phishing 196
article thumbnail

Global Data Breaches and Cyber Attacks in March 2024 – 299,368,075 Records Breached

IT Governance

IT Governance’s research found the following for March 2024: 3,478 publicly disclosed security incidents. 299,368,075 records known to be breached. This month saw fewer records breached than in February (a 58% drop), but a staggering 388% rise in incidents. This is largely caused by two outlier events: Misconfigured Google Firebase instances , exposing 124,605,664 records across 916 misconfigured websites.

article thumbnail

Are 1:1 iPad programs worth it?

Jamf

This new study of schools in the UK's Shaw Trust offers hard data for educators seeking to start 1:1 or 1:many iPad programs in their K-12 schools.

IT 102
article thumbnail

Apple Users Become the Latest Targets of MFA Attacks

KnowBe4

A new string of multi-factor authentication (MFA) attacks targeting the reset of Apple IDs seem to be popping up in a likely attempt to steal the victim’s digital identity and more.

article thumbnail

Improving the Accuracy of Generative AI Systems: A Structured Approach

Speaker: Anindo Banerjea, CTO at Civio & Tony Karrer, CTO at Aggregage

When developing a Gen AI application, one of the most significant challenges is improving accuracy. This can be especially difficult when working with a large data corpus, and as the complexity of the task increases. The number of use cases/corner cases that the system is expected to handle essentially explodes. 💥 Anindo Banerjea is here to showcase his significant experience building AI/ML SaaS applications as he walks us through the current problems his company, Civio, is solving.

article thumbnail

Three customer success trends in a post-pandemic world

OpenText Information Management

COVID-19 changed everything. Loyalty is on the auction block. Customers are uncertain: delaying purchases and shopping around. Brands that win in this new era will use customer success to drive transformative change with an eye to the future. What is customer success? Customer success grew out of the boom in SaaS companies. As B2B SaaS companies gained popularity in the early 2000s, vendors faced a challenge: neglecting customer training and retention led to frustrated users grappling with compl

Sales 64
article thumbnail

Catfishing Campaign Targets Members of the UK Government

KnowBe4

At least twelve men working in the UK parliament have recently been targeted by WhatsApp spear phishing messages, POLITICO reports. The targeted individuals include “a senior Labour MP, four party staffers, and a political journalist.

article thumbnail

The Air Force Bought a Surveillance-Focused AI Chatbot via 404

IG Guru

Check out the article here. The post The Air Force Bought a Surveillance-Focused AI Chatbot via 404 first appeared on IG GURU.

71