Fri.Jan 05, 2024

article thumbnail

Insurers Drop Bid to Exclude Merck's $1.4B NotPetya Claims

Data Breach Today

A Settlement Has Been Reached. So, How Might This Affect Similar Cases? A proposed settlement has been reached between Merck & Co. and several insurers that were appealing a 2023 court decision saying the insurance companies could not invoke "hostile warlike action" exclusions in refusing to pay drugmakers' claims filed after the 2017 NotPetya cyberattack.

Insurance 345
article thumbnail

How to Be More Anonymous Online

WIRED Threat Level

Being fully anonymous is next to impossible—but you can significantly limit what the internet knows about you by sticking to a few basic rules.

Privacy 144
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

NIST Warns of Cyberthreats to AI Models

Data Breach Today

Data-Poisoning Attacks Are Critical Threat to Machine Learning Security, NIST Warns Machine learning systems are vulnerable to cyberattacks that could allow hackers to evade security and prompt data leaks, scientists at the National Institute of Standards and Technology warned. There is "no foolproof defense" against some of these attacks, researchers said.

Security 314
article thumbnail

MyEstatePoint Property Search Android app leaks user passwords

Security Affairs

The MyEstatePoint Property Search app leaked data on nearly half a million of its users, exposing their names and plain-text passwords, the Cybernews research team has found. The all-in-one real estate app MyEstatePoint Property Search left a publicly accessible MongoDB server containing the sensitive details of its app users. The app, developed by NJ Technologies, an India-based software developer, has over half a million downloads on the Google Play store and mainly serves the Indian market.

Passwords 142
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

After Orange Disruption, Brace for More BGP Route Hijacking

Data Breach Today

Expert Warns of Copycat Attack Risk; Telco Hadn't Enabled Two-Factor Authentication In the wake of an apparently weak password being harvested by information-stealing malware and used to disrupt telecommunications giant Orange Spain's internet traffic, an expert is warning all organizations to beware of copycat attacks - and to lock down their internet registry accounts.

Passwords 311

More Trending

article thumbnail

ISMG Editors: Why Are Ransomware Victims Still Paying?

Data Breach Today

Also: Cyber Resilience in Israel; Human Risk Management in the Era of Remote Work In the latest weekly update, four ISMG editors discussed the number of ransomware victims who are paying a ransom to cybercriminals, the need for greater cyber resilience during wartime, and the critical role of human risk management in organizational cybersecurity in the era of remote work.

article thumbnail

Ivanti fixed a critical EPM flaw that can result in remote code execution

Security Affairs

Ivanti fixed a critical vulnerability in its Endpoint Manager (EPM) solution that could lead to remote code execution (RCE) on vulnerable servers Ivanti has released security updates to address a critical vulnerability, tracked as CVE-2023-39336 (CVSS score 9.6), impacting its Endpoint Manager (EPM) solution. The exploitation of this vulnerability could lead to remote code execution (RCE) on vulnerable servers. “If exploited, an attacker with access to the internal network can leverage an

article thumbnail

DOJ Wraps xDedic Dark Web Market Case; 19 Charged Worldwide

Data Breach Today

Authorities in 15 Countries Helped Dismantle Operations Following 2019 Takedown The U.S. Department of Justice announced Friday that it has wrapped up its investigation of the xDedic dark web marketplace and successfully dismantled the multinational criminal organizations, leading to charges against 19 individuals, including administrators, developers and customer service reps.

Marketing 303
article thumbnail

Phishing Reigns as the Most Likely and Most Feared Cyber Attack

KnowBe4

With over half of organizations being the victim of password-based attacks in the last year, new data sheds light on the risk of phishing attacks and the use of password-based credentials.

Phishing 126
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Mimecast Acquires Elevate Security to Address Human Risk

Data Breach Today

Company Plans to Enhance Digital Workplace Protection With Behavioral Analytics Mimecast announced the acquisition of human risk management solutions specialist Elevate Security as part of its initiative to enhance digital workplace protection. The move aims to address evolving cyberthreats by offering insights into human behaviors and risks and empowering customers.

Risk 295
article thumbnail

Beware of Fraudulent Charge Messages

KnowBe4

Be careful of emails, SMS messages, or calls claiming to be from your bank about your card being used fraudulently. If this ever happens, call the phone number on the back of your card.

Phishing 126
article thumbnail

Attack of the Clones: Feds Seek Defenses Again Voice-Faking

Data Breach Today

If AI Voice Cloning Can't Be Stopped, That Would Serve as Red Flag for Policymakers Do you have what it takes to build defenses that can easily and reliably spot voice cloning generated using artificial intelligence tools? If so, the U.S. Federal Trade Commission wants you to apply to its Voice Cloning Challenge, which promises a top prize of $25,000.

article thumbnail

CJEU Rules on Processing of Sensitive Data and Compensation Under the GDPR

Hunton Privacy

On December 21, 2023, the Court of Justice of the European Union (“CJEU”) issued its judgment in the case of Krankenversicherung Nordrhein (C-667/21) in which it clarified, among other things, the rules for processing special categories of personal data (hereafter “sensitive personal data”) under Article 9 of the EU General Data Protection Regulation (“GDPR”) and the nature of the compensation owed for damages under Article 82 of the GDPR.

GDPR 125
article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

Iranian APT Used No-Justice Wiper in Recent Albanian Attacks

Data Breach Today

Reports Say Attempts to Delete Data in the Attacks Were Unsuccessful Iranian hackers targeted the Albanian Parliament using the No-Justice Wiper and other commonly used tools. The attack came months after Albania had severed diplomatic ties with Iran following a July cyberattack that disrupted the country's online governmental services portal.

291
291
article thumbnail

Strong Encryption Explained: 6 Encryption Best Practices

eSecurity Planet

Strong encryption protects data securely from unauthorized access, but the specific algorithms that qualify as strong encryption change over time as computing power increases and researchers develop new ways to break encryption. In practice, security tools provide many encryption options that confuse uneducated users — including broken encryption options.

article thumbnail

Attack of the Clones: Feds Seek Voice-Faking Defenses

Data Breach Today

If AI Voice Cloning Can't Be Stopped, That Would Serve as Red Flag for Policymakers Do you have what it takes to build defenses that can easily and reliably spot voice cloning that is generated using artificial intelligence tools? If so, the U.S. Federal Trade Commission wants you to apply to its Voice Cloning Challenge, which promises a top prize of $25,000.

article thumbnail

Out of the Shadows: Resecurity Exposes 'GXC Team' – Architects of Cybercrime in Online Banking and Social Engineering

KnowBe4

Resecurity is tracking a cybercriminal gang called “GXC Team” that develops and sells tools to facilitate online banking theft and social engineering attacks.

Security 119
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Improving Shor’s Algorithm

Schneier on Security

We don’t have a useful quantum computer yet, but we do have quantum algorithms. Shor’s algorithm has the potential to factor large numbers faster than otherwise possible, which—if the run times are actually feasible—could break both the RSA and Diffie-Hellman public-key algorithms. Now, computer scientist Oded Regev has a significant speed-up to Shor’s algorithm, at the cost of more storage.

Paper 118
article thumbnail

Black Basta Ransomware Decryptor Released to Help Some Victims

KnowBe4

A flaw found by security researchers in the encryption software allows victim organizations to use “Black Basta Buster” to recover some of their data – but there’s a catch.

article thumbnail

Expert Insight: Adam Seamons on Zero-Trust Architecture

IT Governance

How networks have evolved and how to secure them Adam Seamons is the information security manager of GRC International Group PLC, after more than 15 years’ experience working as a systems engineer and in technical support. Adam also holds CISSP (Certified Information Systems Security Professional) and SSCP (Systems Security Certified Practitioner) certifications.

Cloud 104
article thumbnail

[LIVE DEMO] Are Your Users Making Risky Security Mistakes? Deliver Real-Time Coaching in Response to Risky User Behavior with SecurityCoach

KnowBe4

Do you need an easy, automated way to provide real-time feedback the moment your users make risky mistakes to help reinforce the training campaigns you manage today?

Security 114
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Libraries, critical thinking and the war on truth – what lies ahead in 2024

CILIP

Libraries, critical thinking and the war on truth – what lies ahead in 2024 Nick Poole, Chief Executive, CILIP will leave CILIP at the end of March 2024. But before he goes, he has written a personal essay looking at the challenges and opportunities that lie ahead for the information professions. The following is an abridged version of that essay, which you can read in full in the next issue of Information Professional, out on 9 February.

article thumbnail

What Is a Firewall Policy? Steps, Examples & Free Template

eSecurity Planet

A firewall policy is a set of rules and standards designed to control network traffic between an organization’s internal network and the internet. It aims to prevent unauthorized access, manage data movement, and guard against potential security threats. There are key components to consider, main types of firewall policies and firewall configurations to be aware of, and sample policies to review that offer valuable context in creating your own effective firewall policy.

article thumbnail

A brief history of cryptography: Sending secret messages throughout time

IBM Big Data Hub

Derived from the Greek words for “hidden writing,” cryptography is the science of obscuring transmitted information so that only the intended recipient can interpret it. Since the days of antiquity, the practice of sending secret messages has been common across almost all major civilizations. In modern times, cryptography has become a critical lynchpin of cybersecurity.

article thumbnail

Will ‘Project Hope’ protect public libraries?

CILIP

Will ‘Project Hope’ protect public libraries? Parliament is not yet sitting (at time of writing), but we already know that 2024 promises to be a year of change as the country moves into a General Election footing. While the prime minister mulls over when this will take place, the leader of the Labour Party, Keir Starmer, started the year launching ‘Project Hope’ the party’s election bid that lays out Labour’s plans for a decade of national renewal with an emphasis on the power of community and u

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Global Data Breaches and Cyber Attacks in December 2023 – 2,241,916,765 Records Breached

IT Governance

IT Governance’s research found the following for December 2023: 1,351 publicly disclosed security incidents. 2,241,916,765 records known to be breached. Both these figures are a significant increase on what we found for November 2023 : 470 incidents and 519,111,354 records – 187% and 332% increases respectively. This is in spite of a drop in supply chain attacks: 160 incidents (12%) originated from the supply chain this month.

article thumbnail

App Builder 2023 In Review

Enterprise Software Blog

The year 2023 has been a landmark period for the App Builder platform, distinguished not only by achieving new milestones and valuable features but also by the evolution of our products over the years. It's gratifying to see the shift from a phase of wishful thinking to a reality where 90% of the features we talked about more than three years ago are now implemented.

IT 69
article thumbnail

Nikon, Sony and Canon fight AI fakes with new camera tech via NIKKEI Asia

IG Guru

Check out the article here. The post Nikon, Sony and Canon fight AI fakes with new camera tech via NIKKEI Asia first appeared on IG GURU.