Mon.Aug 19, 2024

article thumbnail

National Public Data Published Its Own Passwords

Krebs on Security

New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today.

Passwords 359
article thumbnail

Florida-Based Drug Testing Lab Says 300,000 Affected in Hack

Data Breach Today

Cybercriminal Gang RansomHub Claims It Leaked 700 Gigabytes of Lab's Stolen Data Florida drug testing medical laboratory American Clinical Solutions told federal regulators that 300,000 individuals are caught up in a hacking incident now that criminal gang RansomHub has published 700 gigabytes worth of data stolen from the lab's network.

IT 286
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Black Hat Fireside Chat: Why grasping the context of code is a recipe for keeping software secure

The Last Watchdog

President Biden’s call for the mainstreaming of Software Bill of Materials (SBOMs) is a major step forward. Related: Europe mandates resiliency Requiring a formal inventory of all components, libraries and modules in all business applications can help lock down software supply chains, especially in light of the SolarWinds and Colonial Pipeline attacks.

Security 173
article thumbnail

Building Timely and Truthful LLMs for Security Operations

Data Breach Today

NYUs Brennan Lodge on Training Your Own Model With Retrieval Augmented Generation Many cybersecurity organizations hope generative artificial intelligence and large language models will help them secure the enterprise and comply with the latest regulations. But to date, commercial LLMs have big problems - hallucinations and a lack of timely data, said NYU professor Brennan Lodge.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

The Pentagon Is Planning a Drone ‘Hellscape’ to Defend Taiwan

WIRED Threat Level

The US Defense Department’s grand strategy for protecting Taiwan from a massive Chinese military offensive involves flooding the zone with thousands of drones.

Military 144

More Trending

article thumbnail

Embracing the Role of Educator: Guidance for Information Management Practitioners in the Era of AI

AIIM

As organizations explore the potential of AI, information management practitioners may face the challenge of being perceived as roadblocks rather than facilitators. However, by aligning Generative AI initiatives with business goals and promoting intentional adoption, these professionals can pivot into a critical educator role.

Education 143
article thumbnail

How the Paris Olympics Survived Unprecedented Cyberthreats

Data Breach Today

Officials Say the Olympic Games Saw 140 Cyberattacks. None Were Successful. France’s cyber defense agency teamed up with governments and security experts from across the globe to identify and mitigate a historic level of both physical and cyber threats following years of preparation, experts tell Information Security Media Group.

article thumbnail

Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT

Security Affairs

Microsoft addressed a zero-day vulnerability actively exploited by the North-Korea-linked Lazarus APT group. Microsoft has addressed a zero-day vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), which has been exploited by the North Korea-linked Lazarus APT group. The vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), is a privilege escalation issue that resides in the Windows Ancillary Function Driver (AFD.sys) for WinSock.

Access 141
article thumbnail

Chinese Hacking Firm iSoon Targeted European Networks

Data Breach Today

German Government Analysis Finds Screenshots of File Directories A massive February leak of internal documents from Chinese hacking contractor iSoon revealed apparent hacking against European institutions and states, a German federal agency warned this week. Previous analysis of the leaked data by security researchers focused on iSoon's activities in Asia.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Researchers uncovered new infrastructure linked to the cybercrime group FIN7

Security Affairs

Team Cymru, Silent Push and Stark Industries Solutions researchers uncovered a new infrastructure linked to the cybercrime group FIN7. Researchers from Team Cymru identified two clusters potentially linked to the cybercrime group FIN7. The team collaborated with the cybersecurity experts of Silent Push and Stark Industries Solutions who shared their findings.

article thumbnail

Is Disabling Clickable URL Links Enough?

KnowBe4

Recently, we had a customer reach out to ask if disabling clickable uniform resource locator (URL) links in emails was enough protection by itself to potentially not need employee security awareness training and simulated phishing.

article thumbnail

Why MDR Stalwart eSentire Is Looking to Sell Itself for $1B

Data Breach Today

Aging Technology and Rising Competition Have Created a Need for Greater Investment The owners of eSentire are exploring a potential sale that could value the company at about $1 billion and attract the interest of private equity firms. The company is hoping to command a valuation equivalent to more than seven times its annual recurring revenue of about $150 million.

Sales 124
article thumbnail

Ransomware Group Known as ‘Royal’ Rebrands as BlackSuit and Is Leveraging New Attack Methods

KnowBe4

Despite changing their stripes, the FBI warns organizations of new tactics used by this known ransomware threat group that are only making them more.

article thumbnail

15 Modern Use Cases for Enterprise Business Intelligence

Large enterprises face unique challenges in optimizing their Business Intelligence (BI) output due to the sheer scale and complexity of their operations. Unlike smaller organizations, where basic BI features and simple dashboards might suffice, enterprises must manage vast amounts of data from diverse sources. What are the top modern BI use cases for enterprise businesses to help you get a leg up on the competition?

article thumbnail

The State of Ransomware

Schneier on Security

Palo Alto Networks published its semi-annual report on ransomware. From the Executive Summary: Unit 42 monitors ransomware and extortion leak sites closely to keep tabs on threat activity. We reviewed compromise announcements from 53 dedicated leak sites in the first half of 2024 and found 1,762 new posts. This averages to approximately 294 posts a month and almost 68 posts a week.

article thumbnail

U.K. Management Almost Twice as Likely to Fall for Phishing Attacks Versus Entry-Level Employees

KnowBe4

Highlights from a new survey focused on employee compliance reveals just how targeted and susceptible U.K. businesses are to phishing attempts.

Phishing 122
article thumbnail

Your Android phone is getting an anti-theft upgrade, thanks to AI. How it works

Collaboration 2.0

One of several Android security enhancements, Google's theft detection feature is rolling out now to a limited number of users.

IT 98
article thumbnail

The Long Road to Recovery Following a Ransomware Attack

KnowBe4

When it comes to the duration of a ransomware attack and the subsequent recovery process, the numbers are staggering and vary wildly. Partly because there’s no single source which compiles all the information in a consistent manner.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

How do AI checkers actually work?

Collaboration 2.0

AI-generated content detectors are the new gatekeepers of originality, and they're getting harder to beat. Here's what to know about the technologies powering them.

98
article thumbnail

IDC MarketScape names OpenText a leader in intelligent digital asset management

OpenText Information Management

Digital asset management systems have rapidly evolved, earning their place in marketing technology stacks and becoming a crucial part of modern brand management. Optimizing and organizing digital media assets helps companies build brand consistency and ultimately, customer trust. DAM acts as a single source of the truth, improves content workflows and maximizes return on investment (ROI) from brand, campaign, and communication assets.

article thumbnail

Why you should stop using your solar-powered power bank

Collaboration 2.0

I've spent the summer testing solar-powered power banks. It turns out the devices are universally rubbish and potentially unsafe. Here's what to use instead.

IT 98
article thumbnail

What is Records Information Management?

Armstrong Archives

Records Information Management (RIM) refers to the systematic handling of both digital and physical records throughout their entire lifecycle. Effective RIM practices help organizations manage critical information to support strategic planning and informed decision-making. At Armstrong Archives LLC , we provide secure and reliable record storage, document management, scanning, and secure document destruction services.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

My favorite DeWalt cordless drill and impact driver set is 33% off

Collaboration 2.0

Save $80 on this brilliant DeWalt power tool kit with this early Labor Day deal -- perfect for DIY beginners and tradespeople.

98
article thumbnail

LGBTQ+ Network: Festival of Pride and Knowledge

CILIP

LGBTQ+ Network: Festival of Pride and Knowledge By Ashleigh Green ( @ciliplgbtq , email ), a CILIP LGBTQ+ Network Steering Group Member. CILIP LGBTQ+ Network ran its fourth annual Festival of Pride and Knowledge in June, which featured a celebration of diversity and inclusion within the library and information profession. "The festival has now been running for four years, and it engages, educates, celebrates, and inspires those working within the library, knowledge and information (LKI) professi

article thumbnail

I recommend this $50 anti-spy camera finder and bug detector to anyone traveling

Collaboration 2.0

Social media is awash with ads for gadgets that detect hidden cameras and bugs in your hotel room, Airbnb, or even your own home. So I tested one to see if it actually works.

IT 97
article thumbnail

How to Protect Hard Copy Documents

Armstrong Archives

Safeguarding important paperwork and documents is a key part of being responsible in both your personal and professional life. Even with options like digitization and cloud storage, hard copy documents are still vital because of multiple considerations: Legal Compliance : Some documents must be kept in their original form to meet legal requirements.

Paper 52
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

These $400 XR glasses gave me a 200-inch screen to game and watch movies on

Collaboration 2.0

XR glasses are great for providing big-screen experiences in a comfortable, compact form factor. Here's my buying advice for the latest from RayNeo.

97
article thumbnail

Experts warn of exploit attempt for Ivanti vTM bug

Security Affairs

Researchers at the Shadowserver Foundation observed an exploit attempt based on the public PoC for Ivanti vTM bug CVE-2024-7593. Researchers at the Shadowserver Foundation observed an exploit attempt based on the public proof of concept (PoC) for the Ivanti vTM bug, CVE-2024-7593. In Mid-August, Ivanti addressed a critical authentication bypass vulnerability, tracked as CVE-2024-7593 (CVSS score of 9.8), impacting Virtual Traffic Manager (vTM) appliances that can allow attackers to create rogue

article thumbnail

This great Amazon Fire TV Omni Series QLED is $130 off right now

Collaboration 2.0

The Amazon Fire TV Omni QLED offers excellent picture and audio quality for both streaming and console gaming, and you can save $130 on the 55-inch version.

95